Cell phone towers? Why would a man-in-the-middle attack using cell phone towers work in this case?
Wouldn't the encryption be happening on the device, and sent as encrypted data, then only decrypted by the receiving Apple device? -- Yes, I am not employed and looking for IT work. Have passport, will travel.
KrK (Heavy Artillery For The Little Guy, Premium) join:2000-01-17 Tulsa, OK
It's to do with the authentication of the devices to each other to send the encryption, my guess. The devices can't decrypt the messages unless they are working off the same key or code.
So they probably authenticate to each other before sending the encrypted data. By placing your equipment in the middle you authenticate to the device and then pass the authentication to the next device. Now you are authenticated as well without either end user knowing it and can read the codes/keys and decrypt traffic at will. -- "Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
My thinking was private/public keys - to prevent spying, but the public keys should be shared when added to the other device's contact list, just guessing how the encryption works, I haven't known Apple to share much, so I didn't bother looking at their protocol.
said by KrK: So they probably authenticate to each other before sending the encrypted data. By placing your equipment in the middle you authenticate to the device and then pass the authentication to the next device. Now you are authenticated as well without either end user knowing it and can read the codes/keys and decrypt traffic at will.
- As soon as they stop spying, the two devices can't message each other? -- Yes, I am not employed and looking for IT work. Have passport, will travel.
RARPSL join:1999-12-08 Suffern, NY
said by kevinds: My thinking was private/public keys - to prevent spying, but the public keys should be shared when added to the other device's contact list, just guessing how the encryption works, I haven't known Apple to share much, so I didn't bother looking at their protocol.
So they probably authenticate to each other before sending the encrypted data. By placing your equipment in the middle you authenticate to the device and then pass the authentication to the next device. Now you are authenticated as well without either end user knowing it and can read the codes/keys and decrypt traffic at will.
- As soon as they stop spying, the two devices can't message each other?
There is no need for the two devices to have the same authentication code. All that is required is that cellphone1 be sending to the Man-in-the-Middle (MitM) phony cell tower which has a separate connection to cellphone2. The message goes from cellphone1 to the MitM tower encrypted, gets decrypted and recorded, gets re-encrypted using the credentials agreed upon between MitM and cellphone2 and delivered to cellphone2.
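A toy model of the relay RARPSL describes, added here as an example; it is not code from this thread and it is not Apple's protocol. It uses a textbook unauthenticated Diffie-Hellman exchange with constructed, insecure parameters (P, G) and a hash-based toy cipher; the names Device, run_direct, run_relayed and keys_verified are this example's own. The point it shows is the defensive one: a relay that agrees on a separate key with each phone can read and re-encrypt every message, and the thing that exposes it is each endpoint checking that the peer key it actually used matches the key the other phone really holds (a fingerprint comparison out of band).

```python
import hashlib
import hmac
import secrets

# Constructed Diffie-Hellman parameters for the example only (a Mersenne prime
# and a small generator). They keep the arithmetic fast; they are NOT secure.
P = 2**127 - 1
G = 5


class Device:
    """One endpoint. It remembers which peer public key it used, so the key it
    agreed on can later be checked against the peer's real key."""

    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)
        self.peer_pub = None
        self.key = None

    def agree(self, peer_pub):
        # Whoever hands us a public key is who we end up sharing a key with.
        self.peer_pub = peer_pub
        shared = pow(peer_pub, self._priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.key


def keystream(key, length):
    """HMAC-SHA256 in counter mode: a toy cipher for illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def crypt(key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def fingerprint(pub):
    """Short hash of a public key, the kind of value users compare out of band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def keys_verified(a, b):
    """The check that exposes a relay: does each side's remembered peer key
    match the other side's real key? Substituted keys fail this comparison."""
    return (fingerprint(a.peer_pub) == fingerprint(b.pub)
            and fingerprint(b.peer_pub) == fingerprint(a.pub))


def run_direct(msg):
    """Phones agree a key with each other; returns (plaintext at cellphone2, verified)."""
    alice, bob = Device("cellphone1"), Device("cellphone2")
    alice.agree(bob.pub)
    bob.agree(alice.pub)
    wire = crypt(alice.key, msg)
    return crypt(bob.key, wire), keys_verified(alice, bob)


def run_relayed(msg):
    """The relay from the thread: one key agreement with each phone, decrypt and
    record in the middle, re-encrypt for the far side. Returns
    (what the relay recorded, plaintext at cellphone2, verified)."""
    alice, bob = Device("cellphone1"), Device("cellphone2")
    relay_a, relay_b = Device("relay-to-cellphone1"), Device("relay-to-cellphone2")
    alice.agree(relay_a.pub)        # cellphone1 believes this is cellphone2's key
    relay_a.agree(alice.pub)
    bob.agree(relay_b.pub)          # cellphone2 believes this is cellphone1's key
    relay_b.agree(bob.pub)
    wire = crypt(alice.key, msg)
    recorded = crypt(relay_a.key, wire)        # relay reads the plaintext
    forwarded = crypt(relay_b.key, recorded)   # re-encrypted under the other key
    return recorded, crypt(bob.key, forwarded), keys_verified(alice, bob)


if __name__ == "__main__":
    sample = b"constructed sample message"  # constructed input
    print(run_direct(sample))    # message arrives, keys verify
    print(run_relayed(sample))   # message arrives, relay read it, keys do not verify
```

Both runs deliver the message intact, which is why neither user notices anything; only the fingerprint comparison in keys_verified distinguishes the two cases. That is the answer to kevinds's question: the two phones never need a shared authentication code, because each of them is sharing one with the relay instead, and they keep working for as long as the relay keeps forwarding.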
reply to kevinds
Note that this MitM attack wouldn't work generally, (in the way that the government is saying they can), with other secure messaging -- it just happens that the way Apple is implementing it with their imessaging, is vulnerable in the way the feds, (and others here), are describing, to MitM.
There are probably plenty of other apps out there that wouldn't be vulnerable to this MitM, but they aren't as popular as imessaging.