Apple’s security team claims they have achieved a significant achievement that “advances the state of the art of messaging.” Along with the upcoming iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 updates, the company is bringing PQ3, a new cryptographic protocol to iMessage that promises to offer more robust encryption and defenses against quantum computer attacks.
While such attacks don’t pose a broad threat today, Apple is preparing for a future where malicious actors can roll back existing encryption standards and iMessage’s security layers with the help of extremely powerful computers. These scenarios could begin to materialize toward the end of the decade, but experts agree that the tech industry should start advocating for them well in advance.
PQ3 protocol in iMessage
“PQ3 is the first messaging protocol that exceeds what we call Level 3 security, the protocol protections in all other commonly used messaging applications,” Apple’s security team said. He uses the expression. Yes, Apple has created its own messaging service security ranking system, and iMessage is at the top thanks to these latest PQ3 improvements.
In the company’s opinion, these innovations are enough to outperform even a service like Signal that has just developed its own security defenses. For reference, the current iMessage version is ranked as level 1, along with the older version of WhatsApp, Viber, Line, and Signal. “We are doing much more than simply replacing an existing algorithm with a new one, we are advancing the state of the art of end-to-end encryption by rebuilding the iMessage cryptographic protocol from the ground up,” Apple said. says.
Apple states that hackers today can store the encrypted data they obtain in the hope that they will be able to crack it a few years later, when quantum computers become a real attack vector:
Although quantum computers with this capability do not yet exist, extremely well-resourced attackers can now prepare for their possible arrival by taking advantage of the dramatic decline in modern data storage costs. The logic is simple: Such attackers can harvest today’s large amounts of encrypted data and file it away for future reference. Even if they can’t decrypt any of this data today, they can store it until they get a quantum computer that can decrypt it in the future; This is an attack scenario known as Collect Now, Resolve Later.
While quantum computers with these capabilities do not yet exist, highly resourced attackers can now prepare for their possible arrival by taking advantage of the sharp decline in modern data storage costs. The premis is simple: such attackers can collect large amounts of today’s encrypted data and store it for future reference. Even if they can’t solve any of them today, when they get a quantum computer that can solve them in the future, they can implement an attack scenario known as Collect Now, Solve Later.
All of Apple’s detailed information about the PQ3 can be found in its blog post, which is a great example of the company’s focus on protecting user data. And as we’ve learned in recent months, Apple will without hesitation prevent any third party that threatens iPhone sales from infiltrating its messaging platform in any way, even if they have good intentions.