iMessage is not so safe after all

Monday, 15 August 2016

Apple has implemented a series of short- and long-term defenses for its iMessage protocol after several vulnerabilities were discovered by a team of researchers at Johns Hopkins University.

This attack is different from the one researchers at Johns Hopkins University discovered in March, which allowed an attacker to decrypt photos and videos sent by iMessage.

The technical paper reports on how another method, known as a "ciphertext attack", allowed them to retrospectively decrypt certain types of payloads and attachments when the sender or the receiver is still online.

The scenario requires that the attacker intercept messages using a stolen TLS certificate or access to Apple's servers.

Overall, our determination is that while iMessage's end-to-end encryption protocol is an improvement over systems that encrypt only network traffic (for example, Google Hangouts), messages sent through iMessage may not be secure against sophisticated adversaries.


The team also discovered that Apple does not rotate the encryption keys at regular intervals, the way modern encryption protocols such as Signal and OTR do. This means that the same attack can be used on historical iMessage data, which is often backed up in iCloud.
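
To make the key-rotation point concrete, the following added example (not from the paper, and not Apple's, Signal's or OTR's actual code) compares a session that reuses one long-term key with a simplified symmetric hash ratchet, and counts how many past message keys are recoverable from state stolen after the messages were sent. The class names, function names and the demo secret are assumptions made for the illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()

class StaticKeySession:
    """No rotation: every message is protected by the same long-term key."""
    def __init__(self, secret: bytes):
        self.state = secret

    def next_message_key(self) -> bytes:
        return self.state

class RatchetSession:
    """Simplified hash ratchet: the state is replaced after every message."""
    def __init__(self, secret: bytes):
        self.state = secret

    def next_message_key(self) -> bytes:
        message_key = kdf(self.state, b"message")
        self.state = kdf(self.state, b"chain")  # the old state is discarded
        return message_key

def keys_exposed_by_compromise(session_cls, secret: bytes, sent: int,
                               lookahead: int = 8) -> int:
    """Count past message keys recoverable from state stolen after `sent` messages."""
    session = session_cls(secret)
    past_keys = [session.next_message_key() for _ in range(sent)]
    # Whoever copies the current state can only run the protocol forward from it.
    copied = session_cls(session.state)
    derivable = {copied.next_message_key() for _ in range(lookahead)}
    return sum(1 for key in past_keys if key in derivable)

# Constructed sample secret, for the demonstration only.
SECRET = hashlib.sha256(b"constructed demo secret").digest()

if __name__ == "__main__":
    for cls in (StaticKeySession, RatchetSession):
        exposed = keys_exposed_by_compromise(cls, SECRET, sent=5)
        print(f"{cls.__name__}: {exposed} of 5 past message keys exposed")
```

With the static key, every archived message remains readable to whoever later obtains the key; with the ratchet, the stolen state yields none of the earlier message keys.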

The researchers believe the attack could also be used against other protocols that use the same encryption format, such as Apple's Handoff feature, which transfers data between devices via Bluetooth.

Apple was notified of the matter as soon as possible (November 2015) and as a result patched the iMessage protocol in iOS 9.3 and OS X 10.11.4.

However, the team's long-term recommendation is that Apple replace the iMessage encryption mechanism with one that eliminates the weaknesses in the protocol's distribution mechanism.
