Various s types of defenses, both short and long-term, were added to the apple’s imessage protocols because of the private disclosure of certain anomalies by Christina Garman, leader of a team which included Matthew Green, a famous cryptographer, from the Johns Hopkins University.
The Use nix Security Symposium was graced by the research team’s discoveries. Last march, this same research had been the source of several articles and writings in the international press, about a zero-day in the imessage [protocol which had given crackers the awaited opportunity to decrypt videos and Images which had been sent through the imessage apps.
The team’s research reveals that one can retrospectively decrypt certain imessage payloads and attachments, provided either the sender or the receiver is using the internet at that moment. They believe that such an attack can be pulled off pretty discreetly. Though it requires a high level of intellect and knowledge, state-sponsored actors can easily do it. Besides, several flaws were also revealed regarding imessage’s registration and key distribution mechanisms.
In order to successfully attack the apple’s imessage encryption, the cracker must steal the TLS certificates to intercept imessage traffic or to get access to the imessage servers. The research team had even reverse- engineered the imessage protocol which led them to the conclusion that apple is not very efficient when it comes to the rotation of the encryption keys at regular intervals. The imessage historical data, stored in the server, can be attacked the same way by the attackers. But, only the gzip compressed data can be decrypted and because of this the research team named their attack the Gzip Format Oracle Attack.
It’s believed by the researchers that any protocol handling gzip format data can be attacked in the same way. Though the researchers believe that such susceptible flaws can be easily removed but, it’s big time that Apple gives a thought about replacing its imessage encryption mechanism in order to avoid any problems in the near future.