Apple’s iMessage, the instant messaging service that was previously said to be unhackable by law enforcement agencies, is apparently not nearly as secure as we first thought, according to new research from the security firm Quarkslab.

When the revelations over the NSA’s spying programs first surfaced this summer, Apple moved quickly to cover its tracks, pointing out that its iMessage App was so secure, even it couldn’t decrypt and intercept communication. However, QuarksLab presented a white paper at the Hack in the Box conference in Malaysia on October 17, 2013 in which they claim Apple can, in fact, decrypt iMessages if it really wants to. Since then we’ve seen a wave of headlines claiming that even Apple’s notoriously locked-down services are vulnerable to spying from the government.

In the research, Quarkslab’s Cyril Cattiaux points out that encryption isn’t the only thing that counts:

“As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple they can change a key any time they want, thus read the content of our iMessages.”

How Quarkslab Hacked iMessages

Quarkslab managed to pull off what’s called a “man-in-the-middle” attack by adding a fake security certificate, its researchers said. They claim that iMessages lacks something called ‘certificate pinning’, in which IT determines that only a specific certificate, or number of certificates, are to be trusted.

The researchers’ also found that users’ AppleID’s and passwords were transmitted through SSL communications in clear text, something that could allow Apple to see the password if it so desired. That means Apple — or any spy agency that happens to ask — could replay the password, Quarkslab said.

It also means that its possible to access anyone’s iCloud account, simply by adding a fake certificate and proxifying the communications to grab their AppleID and password.

Should hackers get hold of someone’s password, considerable damage can be done, as Matthew Honan of Wired found out last year.

The iPhone Configuration Utility, which lets enterprises manage iPhones, lets IT invisibly proxify communications to and from the device, thus gaining access to personal information, Quarkslab said. Apple’s PUSH notification service is another area of vulnerability.

Furthermore, the metadata about messages is sensitive – and Apple is in possession of that metadata.

iMessages Is Secure, If You Trust Apple

The researchers conclude that Apple isn’t likely to be reading nosing through anyone’s iMessages, but they warn that, “Apple can read your iMessages if they choose to, or if they are required to do so by a government order.”

However, in a statement given to All Things D today, Apple refutes this research and says it couldn’t intercept messages even if it wanted to.

“iMessage is not architected to allow Apple to read messages,” said an Apple spokesperson.

“The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”

The problem is that with the never-ending stream of information about the extent of NSA surveillance, it ultimately becomes an issue of trust. While Apple claims it can’t read your iMessages, it’s very likely that someone such as the NSA could force it to do so, if it had a valid target. Moreover, previous reports have suggested that companies like Microsoft and Skype have constructed their servers with so-called ‘backdoors’ that allow encrypted data to be easily retrieved.

Find more Security related stories with our Security Trends collection on Springpad.