Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security Bug Encryption IOS Iphone Privacy Software Apple

iMessage Bug Allows Attackers to Decrypt Photos and Videos 27

Researchers at John Hopkins University have found a bug in the instant messaging client iMessage which, if exploited, could allow an attacker to decrypt photos and videos sent as secured messages. "Even Apple, with all their skills -- and they have terrific cryptographers -- wasn't able to quite get this right," said Matthew D. Green, whose team of graduate students at the aforementioned university found the bug. "So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right." Apple acknowledged the bug to The Washington Post, adding that it had "partially" fixed the glitch with iOS 9 software update last year. The company assures that it will be offering a complete patch for the bug with iOS 9.3, which will be released on Monday.
This discussion has been archived. No new comments can be posted.

iMessage Bug Allows Attackers to Decrypt Photos and Videos

Comments Filter:
  • by Anonymous Coward

    Short on details.

    Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.

    Was it -really- operating like the launch codes in Wargames? "The phone accepted it" is pretty ambiguous.

    • by Anonymous Coward on Monday March 21, 2016 @12:23PM (#51744433)

      Came here to post this. I am sick of articles on encryption that talk "about" the flaw, instead of saying what it actually was. This is a tech site, so articles that say "Using high-speed computing, researchers were able to do some scary math and break the encryption." If it doesn't link to CERT, or say "A timing attack was used to guess digits of the key" then it doesn't belong on Slashdot.

      That said, here is a guess, based on the limited information in the article:

      To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

      So they got the network traffic, but without Apple's private keys all they could do is see the encrypted data. 64 hex digits = 256 bits. The whole part about mimicking an Apple server us unclear. It sounds like they did a MITM, which shouldn't be possible if Apple is checking the certificates. But if the MITM was successful, why didn't they get the key? No matter...

      Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.

      So they used a timing attack against the phone to guess at the key, by changing one hex digit (or maybe one bit) at a time. Timing attacks are known to work this way, and many crypto libraries randomize the time it takes to decrypt to fix this.

      To prevent the attack from working, users should update their devices to iOS 9.3.

      So the bug is already known and fixed. I wonder if the fix was the certs to prevent the MITM, or the fix to the timing attack, or both.

      • by plover ( 150551 )

        I wonder if it's a variant of the CRIME [wikipedia.org] attack, where the attacker iteratively observes the success or failure of compression based on fuzzing the inputs, tail first. But those attacks just recover the encrypted data, and don't reveal anything about the key. Don't know yet -- maybe the article is just poorly written, and they aren't actually decrypting the photos, they're just recovering them.

        Spoofing the Apple servers is plausible if the iMessage app isn't using pinned certificates. That would be really

    • They haven't released the details yet. Responsible disclosure or something.
      Looks like it requires a MITM and only works for intercepting pictures send over iMessage?

      That's about all I can see, but I don't trust them until they release a metasploit module.
    • One byte at a time and see if the other end "accepts" it sounds like a padding oracle attack. Those are in vogue now also.

      The padding oracle works with cbc ciphers where there is a padding check before the actual decryption. You change on byte and see whether you get a padding error. If the byte is correct, you don't get the padding error. When you've found one byte, move on to the next byte.

  • are designed and built by humans - they have bugs in them...get over it.
  • The company assures that it will be offering a complete patch for the bug with iOS 9.3, which will be released on Monday.

    And to everybody else who are still user older devices: fuck you!

    Seriously, can't they update the older iOS versions? Or are the FBI/CIA/NSA preventing them from doing so?

  • Sounds like this researcher only wants to make headlines. Encrypting your OS and device won't ever protect you from an application that has a security flaw. Encryption protects a user at the physical level. We all know the saying that if you can get console access you're compromised. Not the case with encryption. Nor is it the case with the imessage app. I'd like to see them break into a phone when they can't unlock it.

Sometimes, too long is too long. - Joe Crowe

Working...