Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company’s claim about iMessage protection by unbreakable encryption is just a lie, because the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessage.
Trust and public keys always have a problem, but the researchers noted that there's no evidence that Apple or the NSA is actually reading iMessages, but say that it's possible. "Apple has no reason to do so. But what of intelligence agencies?" he said.
The researchers were able to create a bogus certificate authority and then add it to an iPhone Keychain to proxify SSL encrypted communications to and from the device, and in the process discovered that their AppleID and password was being transmitted in clear text.
He says that since Apple controls the public key directory that gives you the public key for every user, it could perform a man-in-the-middle (MITM) attack to intercept your messages if asked to by a government agency.
A solution for Apple would be to store public keys locally in a protected database within iOS, as then the keys could be compared.