Earlier this year, Apple said: "Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data." But Quarkslab, a Paris-based security firm, disputed those claims at a Hack in the Box conference in Kuala Lumpur on Thursday, according to Ars Technica.
Quarkslab claimed, on its blog: "Apple can read your iMessages if they choose to, or if they are required to do so by a government order." The researchers explained that there is no evidence iMessages are being decrypted by Apple or the government, but that it would be possible.
It wrote: "There is end-to-end encryption as Apple claims, but the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages."
The messages could not be read by hackers, as they would require physical control of the device and the installation of malicious software such as fake certificates. Apple employees would not need this as, if they were working under a court order, could control the infrastructure without tampering with the device.
Source: The Telegraph