The American cryptographer Matthew Green has just reported a zero-day flaw in Apple’s iMessage, and probably in other online Apple services.
Apparently, the flaw lets a determined hacker shake loose photos and videos sent via Apple’s iMessage service by figuring out the needed cryptographic secrets bit-by-bit, photo-by-photo.
This means that it is not a trivial attack, it doesn’t break open any of your Apple accounts to give open access to crooks, and it doesn’t let a hacker download all your digital treasures in one go.
“As far as we can see, you get one photo or video each time you mount the attack, about which the abovementioned”, Ian Miers wrote, “you have 14 hours to guess what the attack is.”
Miers posted this tweet about 8 hours ago, so probably he means that Apple’s fix is coming out today, because the team’s paper will intentionally only be published after Apple ships its patch.
Also, Miers wrote that “[t]he attack is more interesting than just attachments and affected more than just iMessage. Apple had to fix other apps, but won’t say what.”
Meanwhile, Green stated:
“To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo. Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times. And we kept doing that,” Green said, “until we had the key.”
For instance, to open a 5-lever barrel lock – the sort of lock found on many suburban doors – a hacker who wants to pick it has to lift 5 individual locking pins to specific, individual heights inside the barrel, freeing it up so it can turn.
Alongside masses of time, huge amounts of care and precision, and lots of immensely frustrating fiddling, he could try tens of thousands of different combinations until he hit the jackpot, provided he didn’t slip, or lose grip, or miss any of those combinations along the way.
Though, an experienced lock-picker can open a lock of that sort in minutes, and sometimes even seconds, by using feedback from the lock’s own mechanism to feel when each pin reaches the right position.
He solves the position problem by for the first pin individually, using rotational force on the lock to gauge when he’s right, and then to hold the pin in place.
After that he repeats his fiddling for the the second pin, and the third, and so on until the lock pops open. (Older locks are usually easier to pick because they wear our internally, so the pins “stick” in their righftul positions more readily.)
So, the lock-picker started with a multiplicative problem, with five pins each in six different positions multiplied out in any combination, and turned it into an additive problem, with five pins each solved for position one-at-a-time.
The difference in approach in our lock-picking example turns the complexity of the solution into 6+6+6+6+6 (a maximum of six choices for five pins individually) instead of 6×6×6×6×6 (six choices for all five pins tried simultaneously).
Of course, the attack mounted by Green was almost certainly not as simplistic as picking a worn-out barrel lock.
But it might have some similarities: current reports suggest that some sort of feedback about individual key bits could be extracted one-at-a-time, thus turning an attack that was supposed to require unachievable zillions of guesses into one that was feasible.
Obviously, the fix is in iOS 9.3 Beta, so you’ll be able to learn about the problem and fix it at the same time when the next iOs update comes out.
