[Cryptography] Chosen Ciphertext Attacks on Apple iMessage

Perry E. Metzger perry at piermont.com
Tue Mar 22 13:58:24 EDT 2016


New paper on some cryptographic attacks on iMessage which have been
mitigated in iOS 9.3.

    Dancing on the Lip of the Volcano:
    Chosen Ciphertext Attacks on Apple iMessage

    Abstract:
    Apple's iMessage is one of the most widely-deployed
    end-to-end encrypted messaging protocols. Despite its
    broad deployment, the encryption protocols used by
    iMessage have never been subjected to rigorous cryptanalysis.
    In this paper, we conduct a thorough analysis
    of iMessage to determine the security of the protocol
    against a variety of attacks. Our analysis shows that
    iMessage has significant vulnerabilities that can be exploited
    by a sophisticated attacker. In particular, we outline
    a novel chosen ciphertext attack on Huffman compressed
    data, which allows retrospective decryption of
    some iMessage payloads in less than 2^18 queries. The
    practical implication of these attacks is that any party
    who gains access to iMessage ciphertexts may potentially
    decrypt them remotely and after the fact. We additionally
    describe mitigations that will prevent these attacks
    on the protocol, without breaking backwards compatibility.
    Apple has deployed our mitigations in the latest
    iOS and OS X releases.

https://isi.jhu.edu/~mgreen/imessage.pdf

-- 
Perry E. Metzger		perry at piermont.com

