Cattiaux delivered his research at the HITBSecConf2013 in Kuala Lumpur last week (slides here), with a supporting blog post. The gist is that while there is no evidence that Apple is either directly reading iMessages, or facilitating interception by any third party, it is possible to do so. This is directly contrary to Apple's assertion that it cannot read users' messages sent via iMessage.
The problem lies in the key infrastructure. Since it is controlled by Apple, the company could change a key at any time and perform a man-in-the-middle attack against either or both the message sender and recipient. Technically, the attack could be undertaken by a third-party, but it would require extensive resources including "huge network control to redirect the traffic of the iDevice (through DNS or whatever)", writes Cattiaux in his blog. "Clearly, not the many people have such capabilities. Maybe 3 letters agencies... Who knows", he adds.
It is clear through this oblique reference to the NSA that Cattiaux considers this a possibility – albeit a purely circumstantial possibility. It is known through the Snowden leaks that Apple has been required to co-operate in the NSA Prism program. It is also known that NSA has the required network resources, and has already allegedly undertaken an MITM attack (masquerading in this instance as Google) against the Brazilian petroleum industry. Cattiaux further notes that this vulnerability in iMessage exists because there is "No certi?cate pinning for both PUSH and iMessage servers (while Apple does it for SecureBoot and Developer certi?cates...)"
Apple has responded to the research. “iMessage is not architected to allow Apple to read messages”, said Apple spokeswoman Trudy Muller in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
But Bruce Schneier confirmed Cattiaux's conclusions. “The researchers show that iMessage could be undetectably designed to intercept and read messages, not that it is designed to do so", he said.
One problem, writes Cattiaux, is that "there are actually not that many solutions" available to prevent this theoretical vulnerability. In fact there are just two: "make the key infrastructure less opaque and more public," and "encrypt message with key not controlled by Apple." He adds, "These 2 solutions are under active development. Stay tuned..."