How secure is FaceTime by Apple

  • Apple says their messages and FaceTime calls are end-to-end encrypted and nobody can access them.

    As I'm unfamiliar with cryptology, I've found security white paper from Apple, where says:

    FaceTime uses Internet Connectivity Establishment (ICE) to establish a peer-to-peer connection between devices. Using Session Initiation Protocol (SIP) messages, the devices verify their identity certificates and establish a shared secret for each session. The cryptographic nonces supplied by each device are combined to salt keys for each of the media channels, which are streamed via Secure Real Time Protocol (SRTP) using AES-256 encryption.

    How secure is FaceTime and is it really impossible to decrypt/access/listen calls and video?

    This might help you: https://www.eff.org/node/82654 It's a brief analysis made by the EFF. It might also help you refine what you mean by "how secure is it?"

    "how secure is it?" is like saying "how long is a piece of string?", you have omitted too many parameters to enable anyone to sensibly answer the question.

  • Sjoerd

    Sjoerd Correct answer

    5 years ago

    If you believe Apple, FaceTime traffic is end-to-end encrypted using AES-256. This is secure, in the sense that somebody intercepting the traffic can not decrypt it (as far as is publicly known).

    However, crypto is hard and the security could be compromised if Apple has made an implementation error. I.e. because of a programming bug the traffic may not get encrypted correctly. Apple has previously shown that they made pretty secure systems (e.g. the iPhone in the FBI case), so this is not likely.

    Even if the traffic is encrypted, the system is not secure without authentication. If you set up a connection to the wrong person, an encrypted connection is not going to help. In that case you may tell your secrets to somebody pretending to be someone else. Of course in the case of FaceTime it would be pretty hard to impersonate someone, because you can see their face and hear their voice. Verifying that you are talking to the right person is pretty easy, even though there is no technical solution for this in FaceTime.

    "Apple has previously shown that they made pretty secure systems": well, they also made the "goto fail" vulnerability.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used