What is PQ3? How Apple iOS 17.4 is future-proofing iMessage security

What is PQ3? How Apple iOS 17.4 is future-proofing iMessage security

Apple regularly releases security updates to plug known exploits that represent a clear and present danger to iPhone users.

The update coming in iOS 17.4 (and the various Mac and iPad counterparts) is designed to safeguard against a threat that could see today’s encrypted iMessage conversations being decrypted by more advanced computing technology in the future.

Apple Watch 8 for just £279 in rare clearance sale

Apple Watch 8 for just £279 in rare clearance sale

The Apple Watch 8 is the 2022 flagship but you can get it here priced at a bargain £279. That’s £150 off.

  • John Lewis
  • £150 off
  • Now £279

View Deal

Apple has today announced a ground-breaking new PQ3 (post-quantum cryptography) security protocol, which it calls “the most significant cryptographic security upgrade in iMessage history.”

Apple says this builds upon the existing end-to-end encryption technology and is more equipped than any of the rival messaging services to resist “even highly sophisticated quantum attacks”.

Because that technology isn’t available for the most part, it’s very much a future-thinking protection. Apple is concerned about a particular scenario known as Harvest Now, Decrypt Later.

That means bad actors could be stealing and stockpiling the encrypted message data of users with the knowledge that they may be able to decrypt it one day, when they have access to a quantum computer. And here’s us thinking our text conversations are safe now!

PQ3 iMessagePQ3 iMessage

“The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference,” Apple explains. “Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later.”

Thankfully, from iOS 17.4 onwards, those fears will be lessened. Apple says PQ3 will be the first that’s resistant to these yet-to-happen attacks. That’s because it’s the first messaging protocol first to achieve Level 3 security.

“To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world,” Apple says.

Level 3 goes beyond Signal’s deployment of Level 2 security, which offers PQC key establishment. Level 3 includes what Apple calls “ongoing PQC rekeying” which provides the protection against those dreaded harvest now and decrypt later attacks.

You can read all about it in loads of technical detail at Apple’s security blog.

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *