[Cryptography] Chosen Ciphertext Attacks on Apple iMessage
Perry E. Metzger
perry at piermont.com
Tue Mar 22 13:58:24 EDT 2016
New paper on some cryptographic attacks on iMessage which have been
mitigated in iOS 9.3.
Dancing on the Lip of the Volcano:
Chosen Ciphertext Attacks on Apple iMessage
Abstract:
Apple's iMessage is one of the most widely-deployed
end-to-end encrypted messaging protocols. Despite its
broad deployment, the encryption protocols used by
iMessage have never been subjected to rigorous cryptanalysis.
In this paper, we conduct a thorough analysis
of iMessage to determine the security of the protocol
against a variety of attacks. Our analysis shows that
iMessage has significant vulnerabilities that can be exploited
by a sophisticated attacker. In particular, we outline
a novel chosen ciphertext attack on Huffman compressed
data, which allows retrospective decryption of
some iMessage payloads in less than 2^18 queries. The
practical implication of these attacks is that any party
who gains access to iMessage ciphertexts may potentially
decrypt them remotely and after the fact. We additionally
describe mitigations that will prevent these attacks
on the protocol, without breaking backwards compatibility.
Apple has deployed our mitigations in the latest
iOS and OS X releases.
https://isi.jhu.edu/~mgreen/imessage.pdf
--
Perry E. Metzger perry at piermont.com