
Serious Flaws In iMessage Crypto Allow For Message Decryption (onthewire.io) 43

Reader Trailrunner7 writes: New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on its iMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim's past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its inner workings have not been made available to outsiders. One of the key things that is known about the system is that messages are encrypted from end to end and Apple has said that it does not have the ability to decrypt users' messages. The researchers at JHU, led by Matthew Green, a professor of computer science at the school, reverse engineered the iMessage protocol and discovered that Apple made some mistakes in its encryption implementation that could allow an attacker who has access to encrypted messages to decrypt them. The team discovered that Apple doesn't rotate encryption keys at regular intervals (most encryption protocols such as OTR and Signal do). This means that the same attack can be used on iMessage historical data, which is often backed up inside iCloud. Apple was notified of the issue as early as November 2015 and it rolled out a patch for the iMessage protocol in iOS 9.3 and OS X 10.11.4.
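An added illustration, not part of the original story or the researchers' work, of why the missing key rotation mentioned in the summary matters for archived messages: it compares a key that never changes with a one-way hash ratchet and lists which stored ciphertexts open with a key stolen partway through the conversation. The toy cipher, the ratchet construction and all names and sample data are assumptions made for this sketch; it is neither the iMessage protocol nor the OTR or Signal ratchet.

```python
import hashlib
import hmac

def _stream(key, n):
    # Toy keystream: HMAC-SHA256 over a block counter (illustration only).
    blocks = (hmac.new(key, b"ks%d" % i, hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, ct):
    return hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

def seal(key, msg):
    # Encrypt-then-MAC, so opening with the wrong key fails cleanly.
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, len(msg))))
    return ct + _tag(key, ct)

def open_(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))

def ratchet(key):
    # One-way step: the next key is a hash of the current one, which is then erased.
    return hashlib.sha256(b"ratchet" + key).digest()

def sender_keys(root, n, rotate):
    # The key the sender holds when sending each of n messages.
    keys, k = [], root
    for _ in range(n):
        keys.append(k)
        k = ratchet(k) if rotate else k
    return keys

def recoverable(blobs, stolen):
    # Indices of archived messages that open with the stolen key or any key ratcheted forward from it.
    cands = [stolen]
    for _ in blobs:
        cands.append(ratchet(cands[-1]))
    return [i for i, b in enumerate(blobs) if any(open_(c, b) is not None for c in cands)]

ROOT = hashlib.sha256(b"constructed demo key").digest()  # constructed sample key
MESSAGES = [b"message %d" % i for i in range(6)]         # constructed sample archive

def demo(rotate, stolen_at=4):
    keys = sender_keys(ROOT, len(MESSAGES), rotate)
    blobs = [seal(k, m) for k, m in zip(keys, MESSAGES)]
    return recoverable(blobs, keys[stolen_at])

if __name__ == "__main__": print("static:", demo(False), "ratcheted:", demo(True))
```

With the static key every archived message opens; with the ratchet only messages from the point of compromise onward do, which is the forward-secrecy property and also shows that a hash ratchet alone does not protect later messages.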
  • by DaveyJJ ( 1198633 ) on Monday August 15, 2016 @03:23PM (#52706795) Homepage
    Shouldn't the headline more accurately read "Serious Flaws In iMessage Crypto Used To Allow For Message Decryption, But Don't Anymore"? Or am I missing something?
    • by Anonymous Coward

      From the article:

      Apple has been aware of the vulnerabilities in iMessage since November, when the JHU researchers reported them privately. The company has fixed the issues in recent iOS releases.

      So yes, you're right: "Apple patches serious flaws in iMessage crypto" would have made a better headline, but, you know, it's Slashdot. If it's not a click-baity headline chock full of Slashtard trigger words, nobody would comment. Or even read TFS.

      What's even better is that this news is LITERALLY 5 months old -

      • I admit, I didn't click on your link to the fix documentation, so I'm not sure what Apple said about the bug when it was patched. Usually the patch needs to be out in the wild for a little while before disclosing it, so the majority of users are protected before hackers get a chance to exploit it. Therefore it may have been 4 months from notice to Apple, to patch from Apple, which is great. It may have also been a few more months between patch release and disclosure, so > 50% of users are already immune.
      • If it's not a click-baity headline chock full of Slashtard trigger words, nobody would comment.

        Johns Hopkins researchers told Apple about a serious security problem... and you won't believe what happened next!

        Number six will blow your mind!

      • From the article:

        Apple has been aware of the vulnerabilities in iMessage since November, when the JHU researchers reported them privately. The company has fixed the issues in recent iOS releases.

        So yes, you're right: "Apple patches serious flaws in iMessage crypto" would have made a better headline, but, you know, it's Slashdot. If it's not a click-baity headline chock full of Slashtard trigger words, nobody would comment. Or even read TFS.

        What's even better is that this news is LITERALLY 5 months old - OS X 10.11.4, which contained this fix (https://support.apple.com/en-us/HT206167), was released on March 21, 2016. The summary and the article make it sound like Apple's been sitting on this stuff for a year. In actuality, rolling out the security patch took them about 4 months, start to finish. Not the 9 months TFA and TFS imply.

        And in related news - my comment is more informative than both Slashdot and "OnTheWire" were able to be. As a software engineer, I have zero qualifications or training to be a reporter. Yet I managed to provide more factual information in this discussion than the "reporters" did with their "reporting." At what point did we stop expecting even rudimentary fact checking and accuracy in our "News"?

        There aren't any standards left in journalism these days. The "News" is scripted entertainment. Facts are sometimes reported when they fit into the script.

    • Looks like old messages can still be decrypted. So, I guess the answer is yes/no depending on what messages you want to look at.

    • As the historical data is still sitting there I would think there is a whole raft of data still vulnerable so while it may not affect new messages it means everything done previously is still potentially exposed or did they decrypt it all and reencrypt it?
    • by AmiMoJo ( 196126 )

      It's only fixed on devices running iOS 9.3 and OS X 10.11.4. Anything too old or that didn't upgrade for other reasons like performance is still vulnerable. I doubt that the client warns you that you are chatting to a known insecure peer either.

      This is the problem with building apps into your OS. It's much better to have them update asynchronously, and degrade gracefully to older API versions or at least pop up warnings/refuse to run with older versions.

    • by allo ( 1728082 )

      Because not everybody installed it, yet?

  • I'm quite surprised the iMessage team would go to the effort of implementing end-to-end encryption without being familiar with the basics like perfect forward secrecy.
    • End to end encryption is part of a marketing strategy. They aren't out to protect your privacy for some personal mission. They're selling iPhones, and this feature helped sell iPhones. It took this long for anyone to see this shortcut, and I'm sure there are others, which is why iMessage is opaque.

      That said, it reminds me of the password manager debate. Strictly speaking, it's insane to put all your passwords in one place and secure it with one master password. But in practice it actually increases security

  • by slowdeath ( 2836529 ) on Monday August 15, 2016 @03:36PM (#52706885)

    Maybe it is not a 'mistake' but rather an obfuscated backdoor?

  • by Dan East ( 318230 ) on Monday August 15, 2016 @03:41PM (#52706917) Journal

    So if I understand this correctly, this simply means that *if* an attacker can brute-force a key and decrypt messages between two individuals, then they can also go back and decrypt past messages further back than the author of this article thinks they should be able to? If that's the case, then if an entity has the processing power and skill to brute force the key in the first place, the fact that they have to be bothered to do it again X number of times isn't exactly reassuring. If they want to access your messages bad enough to spend the computational resources and they can brute force them at all, having to do it several more times to access historical data is pretty trivial.

    • by AmiMoJo ( 196126 )

      They also found a known ciphertext attack that reduces the effort needed to brute force messages to something manageable on a desktop PC. If they can take your device off you they can execute the attack and decrypt all the previous messages.

      It's more of a state sponsored oppression thing where someone like the NSA or GCHQ would do it, but it's still a vulnerability and something worth fixing.

  • So how many of those iMessage flaws are because they need to allow for backwards compatibility between newer and older devices? And how many can they fix before they start breaking older devices?

    (I'm sure the moment they do, everyone will cry out for iPhone 4 (circa 2010) users who can no longer use iMessage that Apple is forcing them to upgrade their phones. Or whatever the oldest phone that can run iMessage is. Then the class action lawsuits get filed...).

  • Y'all better let your drug dealers... errr... I mean "unlicensed pharmacists" know about this as soon as possible.... ;-)

  • by seoras ( 147590 ) on Monday August 15, 2016 @04:28PM (#52707251)

    Read the paper.
    https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garman.pdf

    Quote "Overall, our determination is that while iMessage’s end-to-end encryption protocol is an improvement over systems that use encryption on network traffic only (e.g., Google Hangouts), messages sent through iMessage may not be secure against sophisticated adversaries."

    The attacker requires stolen TLS certificates or access to Apple's servers.
    Serious? No. All systems are flawed in some way and are breakable to that extent.
