this post was submitted on 21 Feb 2024

72 points (97.4% liked)

Apple

17482 readers

39 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:

No NSFW Content
No Hate Speech or Personal Attacks
No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago

MODERATORS

[email protected]

iMessage quantum security arrives with iOS 17.4 - 9to5Mac (9to5mac.com)

submitted 8 months ago by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

top 15 comments

sorted by: hot top controversial new old

[–] [email protected] 12 points 8 months ago* (last edited 8 months ago) (1 children)

The NSA is apparently collecting and storing thirty petabytes of encrypted data per day and that's likely to include every iMessage sent worldwide. When quantum computers arrive, they will be able to decrypt that data and some estimates put that future uncomfortably close. Real breakthroughs in quantum computing have been made the last year or two.

It's good to see something is finally being done about that threat. I wouldn't count on the NSA being the only people with the data either - it's a goldmine and surely other governments are trying to gain access.

[–] [email protected] -1 points 8 months ago (4 children)

The timing of this feels very odd given what happened a couple months ago with Beeper mini

[–] [email protected] 26 points 8 months ago (1 children)

Not really, the type of encryption used isn’t necessarily a barrier to interoperability.

Quantum computing is developing quickly, and is a threat to conventional encryption methods. There is a good chance we will see quantum computing break many forms of encryption used today in the near future. As such, most companies developing secure platforms are now embracing quantum-resistant encryption.

This isn’t necessarily (another) attempt to reinforce the walls around the iMessage garden, just Apple being proactive about a potential future security danger. Other messaging platforms will be doing the same, if they are not already.

[–] [email protected] 8 points 8 months ago

Yeah and iMessage is used by shitloads of people for all kinds of sensitive stuff. A company like Apple absolutely doesn’t want to be in the headlines when the first salvo of quantum hacks start making the news. This is just them covering their ass.

[–] [email protected] 13 points 8 months ago* (last edited 8 months ago)

There is no way they started working on this a couple months ago. It would have years of work.

[–] [email protected] 12 points 8 months ago

The timing makes sense because Apple is already reworking their messaging software to prepare for RCS support.

They made the decision to rework Messages long before Beeper, but I'm sure that little episode gave them extra incentive to get work done faster.

[–] [email protected] 7 points 8 months ago

I think this is one step in ongoing efforts to further enhance the security of iMessage and has nothing at all to do with random topics that the tech press happened to focus on. Contact Key Verification came out in October. Beeper Mini came out in December. One of the third-party security analyses Apple provided for this PQ3 enhancement is dated January 15. I think it's pretty clear that PQ3's development long preceded Beeper Mini.

[–] [email protected] -4 points 8 months ago (1 children)

Quantum or tell me that you fall in the pseudoscientific trap.

[–] [email protected] 7 points 8 months ago (1 children)

This is about them adding post-quantum encryption, which means encryption that could survive an attack using quantum computers.

This is computer science and mathematics, not pseudoscientific crap.

[–] [email protected] -3 points 8 months ago (1 children)

My sentence wasn't that litteral. It's pseudoscientific crap marketing. "Quantum security" isn't "survive attacks using quantum computers". It's completely pedantic.

The issue with this usage is that the meaning of the words disappears.

[–] [email protected] 4 points 8 months ago (1 children)

“Quantum security” is a fairly widely accepted term in the industry and it has meaning.

Other terms with the same or similar meaning are quantum cryptography or post-quantum security.

https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies

https://thequantuminsider.com/2023/07/17/quantum-security/

https://www.nomios.com/resources/what-is-quantum-security/

https://www.weforum.org/global_future_councils/gfc-on-cybersecurity/projects/quantum-security/

https://docs.paloaltonetworks.com/network-security/quantum-security/administration/quantum-security-concepts

https://www.hashicorp.com/blog/quantum-security-and-cryptography-in-hashicorp-vault

https://blog.1password.com/passkeys-quantum-computers-encryption/

[–] [email protected] -1 points 8 months ago

It's my point. I never ever wrote the term doesn't exist nor the term isn't valid.