iMessage is set to receive a substantial security upgrade as Apple plans to introduce a “post-quantum cryptographic protocol” called PQ3.
Those are some five-dollar words, but what do they mean? In a nutshell, PQ3 is a new type of encryption tech that can locally generate encryption keys for an iMessage text on an iPhone. The text is sent to Apple servers where a fresh key is made and sent back to the device. So if a hacker somehow gets their hands on one of these messages, they can’t use its key to gain access to your conversation. The locks have been changed, so to speak. That’s the gist of PQ3. A post on Apple’s Security Research Blog goes into way more detail. For the sake of brevity, we’ll keep things short. But the breakdown talks about the cryptography behind everything, how rekeying works, the “padding” process, as well as the extensive reviews done by cybersecurity experts.
Oncoming threat
The reason Apple is doing all this is to protect its service from future threats, namely “sophisticated quantum [computing] attacks”. Such attacks aren’t exactly widespread in 2024 as computers capable of bypassing modern high-end cryptography techniques don’t exist – yet. Security experts have sounded the alarm, warning companies around the world of an event known as "Q-Day". This is where a quantum computer powerful enough to crack through the internet's encryption systems and security is built. And Apple has decided to listen.
The average hacker probably won’t have access to this type of technology, but it may be found in the hands of a foreign adversary. Apple is particularly worried about an attack scenario called “Harvest Now, Decrypt Later” (also known as Store Now, Decrypt Later) which sees hackers collect as much encrypted data as possible, then sit on this treasure trove of information until the day comes where quantum computers are strong enough to break through the protection.
An edge above the competition
Support for PQ3 is scheduled to launch with “the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4”. Apple is covering all of its bases here. The company claims the boosted protection is available right now on the current developer and beta builds, however, that may not be the case. We haven’t seen people talking about receiving PQ3 on social media or reports from other publications detailing their experiences apart from a brief mention by MacRumors. It’s possible the patch could roll out to more people soon.
When PQ3 does officially launch, it could give iMessage a huge edge over other messaging platforms. Apple, in its blog post, boasts its service has Level 3 security because it has PQC (Post-Quantum Cryptography) protection. To put that into perspective, WhatsApp is Level 1 as it has end-to-end encryption but is vulnerable to quantum computing attacks. Signal is Level 2 because it has PQC although it lacks the key refresh mentioned earlier. There are plans to further improve PQ3 by implementing something called PQC authentication.
We reached out to Apple asking what this means and when people can expect the release of PQ3. This story will be updated at a later time.
In the meantime, check out TechRadar's roundup of the best iPhone for 2024.
You might also like
