There were already plenty of reasons to look forward to the next iPhone update, due in early March. But now, Apple has announced something completely unexpected, which will make a huge difference. Get ready for quantum computer protection for iMessage. Seriously.
February 25 update below. This post was first published on February 22, 2024.
In a support note issued on February 21, Apple said, “Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging.”
If you thought that Apple already had encryption in iMessage, you’d be right. But this takes things to another level. Apple says it will be “the strongest security properties of any at-scale messaging protocol in the world.”
Other services take security seriously, too, with Signal announcing a “post-quantum cryptography security enhancement. Apple welcomed this and has said that this offers level 2 security. Current iMessage security, until iOS 17.4 arrives, manages level 1, in Apple’s view, as does WhatsApp, it says. When iOS 17.4 is out, PQ3, in Apple’s judgement, will reach, you guessed it, level 3 of security.
It will also arrive on other Apple platforms that have iMessage, that is iPad, Mac and Apple Watch.
If you’re wondering where quantum computing comes in, it’s this. It’s thought that in the future, quantum computers will be able to overcome encryption levels available today. Which means that if hackers, for instance, can get hold of images now, they can work out what they said when quantum computers are up to it.
Apple says, “A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore—in theory—do so fast enough to threaten the security of end-to-end encrypted communications. Although quantum computers with this capability don’t exist yet, extremely well-resourced attackers can already prepare for their possible arrival by taking advantage of the steep decrease in modern data storage costs. The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later.”
Nobody wants their messages seen by others, whether that’s just innocuous nonsense like, “I’m on the bus, home in 20,” detailed business-critical messages or strategic plans sent in the field in a war zone.
Privacy is central to Apple, with the company describing it as a fundamental human right. This kind of security upgrade is to be welcomed and offers real peace of mind.
For an indepth look at the security details, check out fellow Forbes contributor Zak Doffman’s post, here.
February 23 update. If you want quantum security on your iPhone, and even the sound of it is pretty cool, to be honest, it’s simple to set up. If you have the public or developer beta versions on your phone, it will be automatically upgraded to PQ3 protection. If you don’t, then when you update in early March, when the general release of iOS 17.4 is out, it’ll happen then.
This won’t be an instant change-over, with Apple saying this: “Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases. iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol. As we gain operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.”
As Apple says, there are a lot of iMessage users, so to have replaced the protocol before the end of 2024 is quite the endeavor.
Note that for the PQ3 encryption protocol to be active, devices at each end of the messages need to be running iOS 17.4 (which is yet another way that Apple is helping us believe that blue bubbles are better than green ones—Android phones by definition will not have PQ3). And since not all iPhones can run iOS 17.4, the protocol won’t apply to them.
February 25 update. If you’re still not convinced that the PQ3 update is a good thing, Matt Burgess at Wired has a great explanation of what it means and what’s coming.
“Quantum computing is serious business. Governments in the US, China, and Russia as well as tech companies such as Google, Amazon, and IBM are plowing billions into the (still) relatively nascent efforts to create quantum computers. If successful, the technologies could help unlock scientific breakthroughs in everything from drug design to creating longer-lasting batteries. Politicians are also vying to become quantum superpowers. The current quantum computing devices are still experimental and not practical for general use.
“Unlike the computers we use today, quantum computers use qubits, which can exist in more than one state. (Current bits are either ones or zeroes). It means that quantum devices can store more information than traditional computers and perform more complex calculations, including potentially cracking encryption.”
Burgess goes on to quota Lucasz Olejnik, an independent cybersecurity and privacy researcher and consultant, who says that quantum computers could have “the potential to break most of today’s cryptography.” Olejnik says that tech companies are taking the quantum threat very seriously, saying that things are moving fast, not least because post-quantum cryptography is still very young.
If things are moving fast, isn’t there a risk that companies could head in the wrong direction and not provide protection after all? Apple seems to be hedging its bets, saying it is using a hybrid design combining current elliptic curve cryptography with newer post-quantum protections, saying, “Defeating PQ3 security requires defeating both the existing, classical ECC cryptography and the new post-quantum primitives.”
As mentioned above, one of the best things about this security development is that as soon as you install iOS 17.4, you’re covered. You can read the latest details of exactly when it’s available here.