Apple iMessage vulnerable to MITM attack

Pierluigi Paganini October 19, 2013

Quarkslab researchers Cyril Cattiaux has revealed Apple lied when it claimed it could not intercept iMessages sent by its users.

Quarkslab researchers Cyril Cattiaux revealed that it is possible to break encryption implemented in Apple’s iMessage application due the presence of a weakness in the key management process. The announcement was made during  the Hack in the Box conference in Malaysia this week.
Cattiaux, aka pod2g, is known because it has developed a iOS jailbreak, this time they sustain that iMessage encryption is vulnerable to eavesdropping attack despite Apple always declared a secure end-to-end encryption.

“For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data,” Apple declared in a statement on its website.

According the researchers Apple is able to access the content of iMessage app changing the key anytime they need, it should be noted that they confirm there’s no evidence that Apple or the NSA are analyzing also iMessage content despite it is technically possible.

“Apple’s claim that they can’t read end-to-end encrypted iMessage is definitely not true,” they said. Apple has no reason to do so. But what of intelligence agencies?” they said.

It is clear the reference to the case PRISM and the revelation made by Snowden on the collaboration offered by Apple to NSA for surveillance activities. When the user sends a iMessage to someone, he takes the receiver’s public key from Apple, and encrypts the message. Once the message is received by  recipient he is able to decrypt the message with his private key according classic asymmetric encryption scheme. Apple acts as a Certification Authority of any PKI architecture, public keys were managed on a server called ESS that could be not publicly inspected. The researchers created its own bogus Certification Authority and inserted its reference into the iPhone Keychain to be able to access to SSL encrypted traffic acting as a proxy. Cattiaux noted that Apple ID and password was being transmitted in clear text during iMessage transmission. Apple actually controls public key repository this means that it could perform a MITM to intercept users’ messages.

iMessage mitm

They exploited the lack of mechanisms to tell devices to trust a given certificate,  for PUSH and iMessage servers, allowing a fake certificate authority to be added to the user Keychain.   iMessage MITM

“Firstly, it means that Apple [and intelligence agencies] can replay our password using for instance our email on many websites. Secondly, it also means that anyone capable of adding a certificate and able to [proxy] the communications can get user’s Apple ID and password, thus get access to include accounts, backups” and app purchasing.

There is the concrete risks that enterprise IT managers when assigning Apple devices with mobile device management platforms could intercept sensitive Apple user account details including iCloud usernames and passwords.

“If the device is connected to iPhone Configuration Utility, Apple’s enterprise solution for management of iPhones, a trusted CA (Certificate Authority) is added. The consequence is that all subsequent certificates signed by that CA will be trusted to create the SSL communication. It means all companies using that are able to retrieve their employee’s AppleID and password by simply [proxying] the SSL communication.”

A possible implementation that could dispel the doubts about the good faith of Apple is to store user’s public keys locally within iOS, avoiding centralized management by Apple.

I suggest to read the interesting analysis published in the blog post of the researchers.

Pierluigi Paganini

(Security Affairs –  Apple, Privacy, iMessage)

you might also like

leave a comment