Speaking at the Hack in the Box security conference in Kuala Lumpur this week, Cyril Cattiaux, a developer at the penetration testing company Quarkslab, claimed that Apple’s assertion in June that iMessages are encrypted end-to-end, and that not even Apple can decrypt them, was “just basically lies”.
"Apple can read your iMessages if they chose to, or if they are required to do so by a government order," the researchers said. "The weakness is in the [encryption] key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages."
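The weakness the researchers describe is that the party running the key directory can hand a client any public key it likes. As an added illustration, not code from the Quarkslab paper or from Apple's implementation, the following trust-on-first-use check shows how a client that pins the first key it sees for a contact can detect such a substitution instead of silently encrypting to the new key; the directory contents, contact address and key strings are constructed.

```python
import hashlib


def fingerprint(pubkey: str) -> str:
    """Short SHA-256 fingerprint of key material, the kind of value two people
    can compare out of band (in person or over a phone call)."""
    return hashlib.sha256(pubkey.encode()).hexdigest()[:16]


class PinningClient:
    """Trust-on-first-use (TOFU) key pinning for a messaging client.

    The first key seen for a contact is pinned locally; afterwards any key the
    directory returns is compared against the pin, so the directory operator
    cannot silently swap in a key it controls.
    """

    def __init__(self, pin_store=None):
        self.pins = dict(pin_store or {})  # contact -> pinned fingerprint

    def lookup(self, contact: str, directory: dict) -> str:
        """Fetch the contact's key from the directory and return a status:
        'pinned' (first sighting), 'ok' (matches pin) or 'mismatch' (key changed)."""
        fp = fingerprint(directory[contact])
        pinned = self.pins.get(contact)
        if pinned is None:
            self.pins[contact] = fp
            return "pinned"
        return "ok" if fp == pinned else "mismatch"

    def send_allowed(self, contact: str, directory: dict) -> bool:
        """Only send when the key has not changed; a mismatch must be resolved
        by verifying the new fingerprint with the contact before re-pinning."""
        return self.lookup(contact, directory) != "mismatch"

    def repin_after_verification(self, contact: str, verified_fp: str) -> None:
        """Accept a new key only after its fingerprint was confirmed out of band."""
        self.pins[contact] = verified_fp


# Constructed sample: the same directory on two days. The operator of the
# directory can serve whatever key it chooses; on day two it hands back a
# different key for alice, which the pin exposes.
DIRECTORY_DAY1 = {"alice@example.com": "constructed-public-key-A"}
DIRECTORY_DAY2 = {"alice@example.com": "constructed-public-key-B"}

if __name__ == "__main__":
    client = PinningClient()
    print(client.lookup("alice@example.com", DIRECTORY_DAY1))  # pinned
    print(client.lookup("alice@example.com", DIRECTORY_DAY1))  # ok
    print(client.lookup("alice@example.com", DIRECTORY_DAY2))  # mismatch
```

The check only helps if the fingerprint is actually shown to the user and compared out of band; a client that hides it, or re-pins automatically, is back to trusting the directory.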
The paper (PDF) from Quarkslab describes how they were able to add a fake security certificate to an iPhone, which meant they theoretically could grab the owner's Apple ID password.
Apple’s iMessage system, introduced in 2011, has around 300m users and replaces text, photo and video messaging over SMS, allowing users of its iPhone, iPad, iPod touch and Mac computers to communicate over data paths rather than SMS or MMS paths. According to some reports - quoted by Quarkslab - Edward Snowden used iMessage to evade NSA surveillance.