Ryan Harijanto

Why you shouldn’t login to (personal) iMessage on your work computer

Ryan Harijanto
Security
20 0 responds read
October 9, 2017

So you got a Mac computer from work. If you’re like many Apple-product users, you use iMessage to communicate with others. You probably won’t be able to resist the temptations of logging in to iMessage from your work Mac. It’s just so convenient! Besides, what should you be worried about, iMessage is “secure”, right?

Maybe – but let’s make sure you fully understand what happens when you log in to iMessage on a Mac. Many people are not fully aware of how iMessage works. If you’re like many people, you wouldn’t want others to read your private iMessage conversations (and see attachments, including photos, others may have sent you or you may have sent others). You probably want to keep your private conversations private.

So, let me show you why you shouldn’t login to (personal) iMessage on your work computer. What you’re about to learn might surprise you 😀

The “archive”

iMessage automatically (out of the box) saves your conversations in a SQLite database file and all attachments in ~/Library/Messages (“~” means your “home” folder).

What this means is you don’t need to check “Save history when conversations are closed” (see screenshot below) option in iMessage Preferences in order for iMessage to begin saving your conversations.

Checking this box only means that conversations that you have closed will also be archived.

Things you need to know about the archive:

  • It’s NOT encrypted
  • It contains all messages/conversations
  • It contains all attachments (photos, …)
  • It’s remains on the computer even after you’ve logged out of iMessage (including remote logout).

I don’t see the “Library” folder…

That’s completely normal. It’s because the Library folder is hidden by default in your Mac. To access it, open Finder, type CMD + G and enter “~/Library”.

From there, you can open the “Messages” folder.

(Alternatively, you can type ~/Library/Messages in the dialog box to get directly to the “Messages folder.)

How to view the database file

Once you’ve navigated into ~/Library/Messages, you will see few files:

Attachments: you can just open this folder directly and view the attachments (e.g. photos) directly.

chat.db: this is a SQLite database file. You can view it using apps such as DB Browser and Base. You will then see your messages. No, it’s not encrypted 🙁

How others can (possibly) read your private conversations

Once someone has obtained the iMessage data files inside your ~/Library/Messages directory, they will be able to read your conversations (and see all attachments) using the techniques in the previous section or simply by replacing placing the iMessage data files into any Mac’s ~/Library/Messages (then restarting the Mac).

Now that we’ve established that your iMessage data is stored in your Mac in an unsecured fashion, let me walk you through situations that will allow your organization’s IT department to obtain the iMessage data files inside your ~/Library/Messages.

Backups

If your work Mac computer is set up to backs up its (user) data into a server, your IT department already has a copy of the iMessage data files in your ~/Library/Messages.

Administrator User

Typically, your organization maintains an Administrator user on your Mac. This Administrator user will be able to view all files in the system. Any files, including your ~/Library/Messages. In many cases, this doesn’t require physical access to your mac. In other words, this can be done remotely.

Solid State Drive (SSD)

Let’s say that you “wiped” your Mac before returning it to your organization. Did you know that data sanitization/wiping techniques that work on magnetic hard drives don’t work on SSD?

The only method of SSD data wiping/sanitization approved by the United States Department of Defense (US DoD) and the National Security Agency (NSA) is to physically destroy the SSD drive through smelting or shredding.

This means that unless you’ve destroyed the physical drive, it’s possible to recover your data even after you’ve “wiped” the Mac.

Remote Management Software

Many IT departments install a piece of software that makes it easier for them to perform administrative tasks, such as deliver updates, install software, deliver security patches, and many more. Sometimes, the software also allows them to monitor activities on your work computer, which include the reading of your iMessage conversations.

Wrapping Up

Now, you might ask, why would my IT department be interested in reading through my iMessage conversations? Why would anyone be interested in them?

You’ll just never know.

Either way, if you want to keep your iMessage conversations private, you should NOT login to (personal) iMessage on your work computer.

Author
Ryan Harijanto

Head of Engineering. Former Sr. Engineer @Netflix , @HotelTonight , @Shutterstock. Previously a Senior Systems Engineer at Netflix, currently technology advisor and board member for emerging companies. Diverse technological knowledge and understanding of various industries.

Leave a Reply

Your email address will not be published. Required fields are marked *