Flaw Discovered In Apple iMessage Encryption, Reminding Us That Compelled Backdoors Are Idiotic

from the encryption-is-hard dept

One of the points that seems to be widely misunderstood by people who don't spend much time in computer security worlds, is that building secure encryption systems is really hard and almost everything has some sort of vulnerability somewhere. This is why it's a constant struggle by security researchers, cryptographers and security engineers to continually poke holes in encryption, and try to fix up and patch systems. It's also why the demand for backdoors is idiotic, because they probably already exist in some format. But purposely building in certain kinds of backdoors that can't be closed by law almost certainly blasts open much larger holes for those with nefarious intent to get in.

Case in point: over the weekend, computer science professor Matthew Green and some other researchers announced that they'd discovered a serious hole in the encryption used for Apple's iMessage platform, allowing a sophisticated hacker to access encrypted messages and pictures. And, Green, who has been vocal about the ridiculousness of the DOJ's request against Apple, notes how this is yet more evidence that the DOJ's request is a bad idea:
“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
It's worth noting that the flaw that he and his team found would not have helped the FBI get what it wants off of Syed Farook's iPhone, but it's still a reminder of just how complex cryptography currently is, at a time when people are trying to keep everyone out. Offer up any potential backdoor, and you're almost certainly blasting major holes throughout the facade.

Apple is getting ready to push out a software update that will fix the flaw shortly. And this, alone, is yet another reason why the DOJ's case is so dangerous -- since the method it wants to use to get into Farook's phone is via its capabilities to push software updates. Patching software holes is a major reason to accept regular software updates, but the FBI is now trying to co-opt that process to install unsafe code. That, in turn, may prompt people to avoid software updates altogether, which in most cases will make them less safe.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    DannyB (profile), 21 Mar 2016 @ 11:02am

    It's still not the same thing

    In this case, a software implementation can be patched to make it more secure. Or less secure.

    The issue with the FBI is that they want to conscript Apple to build something unprecedented. That can only be done because it is possible to patch the firmware of the component which holds the secret keys.

    I'm sure Apple and others are working on ways that the hardware component which keeps the secrets a secret cannot have patches. The simpler this component, the easier to get it right the first time so that patches are never needed. I don't think Apple ever believe it would need to patch this component of the system, yet it was possible.

    If the secure component that imposes the time delays and maximum bad password attempts, cannot be patched, then what will the FBI do in the future when there really is no way to fix this with a software update?

    Will the world come to an end because a few bad people can use iPhones? Probably not any more likely than if they used other devices to communicate privately.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2016 @ 11:19am

      Re: It's still not the same thing

      … what will the FBI do in the future when there really is no way to fix this with a software update?
      Nicholas Weaver claims that the baseband processor has the capability to overwrite iOS in memory.

      How the Feds Could Get Into iPhones Without Apple’s Help” by Kim Zetter, Wired, Mar 2, 2016
      “Once you have the baseband exploited you’re able to bypass all that bruteforce protection and just try all the passwords that you want,” Weaver says. “If you take over the baseband, you have the ability to write to memory, which means you can take over the running operating system. And because the phone is running but locked, you take over that running but locked operating system and now you can do what the FBI wants to do, where you just keep trying PINs against the secure enclave until you get in…So you corrupt the root operating system to say, don’t do these protections.”
      What Weaver doesn't say is that baseband processor is on physically separate silicon than the application processor. It is logically attached to the application processor by a physical, external bus.

      When an attacker has complete physical control over the hardware, the baseband processor may be physically removed from the iPhone, and another device connected in its place. That replacement device might be built by that attacker, who would then naturally have full physical and logical control over it.

      Apple might counter by encrypting and/or authenticating the signals on the external bus. But the iPhone is a battery-operated, consumer device.

      reply to this | link to this | view in chronology ]

  • identicon
    Median Wilfred, 21 Mar 2016 @ 11:13am

    Knock -on consquences of key escrow or similar

    Suppose that western civilization decides that some kind of Golden Key cryptography, and/or Legal Assistance backdoors are a Grrreat Idea(TM). I was thinking about the likely consequences of such practices.

    First, open source goes away legally. Especially open source crypto implementations - they might not have the key escrow feature or the law enforcement access feature. I believe that logically you follow this and all but the trivial open source becomes illegal or legally questionable. Do we want this? I'm certain that Microsoft, Apple and Cisco would like it.

    Second, if communications have to be decryptable on demand, with key escrow, or a "golden key" or something, then ultimately law enforcement agencies will end up randomly sampling, or even universally checking, that what looks like communications with a golden key actually comprises communications with a golden key or escrowed key, and not some other illegal form of encrypted communications. This also seems like a bad idea. Getting interoperating DES implementations was notoriously difficult - what keeps SOCA or FBI from charging some inept programmer with Illegal Cryptography just because said inept programer made a inmplementaion of some crypto algorithm that didn't do parity correctly or initiall set some, but not all bitz to zero, items not explicitly spelled out in the Official Algorithm?

    I see key escrow or golden key cryptography or mandated backdoors as ways to (maybe inadvertantly) shut down any innovation not approved by governments and/or big corporations. Am I off base here?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2016 @ 11:36am

    Eminent patch, or is it?

    Who knows if the description of the patch you are being told to expect is really the patch you are going to get....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2016 @ 11:36am

    Not the messages themselves

    They weren't able to decrypt the messages themselves. The problem appears to be that Apple used a 64 bit key to encrypt the pictures/videos. Although even that has been largely changed in iOS 9. It now uses a 256 bit key. 9.3 will probably change that as well. I'm interested to see how they did it though. Hopefully it wasn't just brute forcing a 64 bit key.

    reply to this | link to this | view in chronology ]

  • icon
    Chronno S. Trigger (profile), 21 Mar 2016 @ 11:47am

    That's something I hadn't thought of. Ripping a new back door into encryption would do irreparable damage, opening new security flaws. Hackers wouldn't even need to target the official backdoor, they can just go after the cracks around it.

    The list just keeps growing, doesn't it.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 21 Mar 2016 @ 12:29pm

    iTS ALWAYS ENTERTAINED ME

    Over many years of using computers..
    Over all the past Claims in movies and by the Gov, and telco..that everything was being hacked..

    There is allot of work, placed in MOST software to protect devices from hacking, FOR A REASON..
    Hardware can be defeated, Most times...because of 1 fact, Customer @#$@ things up and there has to be a way to reset the device, so it can be USED again.
    A hardware device that could NOT be reset, would be a BRICK if someone forget a password..

    Software always has FLAWS..If you could protect Software from every form of hacking, you would have a BLOATED SLOW piece of garbage.. The developers place code in it for testing and running around a game to see/do and do/fix STUFF, but SELDOM remove this code. And if they did, it would make it HARDER to fix/update a game or program..

    THERE ARE tricks...using augmented hardware with Good software, can protect very well, until someone figures it out.. Do not THINK, you are smarter then the person NEXT DOOR.. THINGS have to change on a regular basis to keep the system SAFE..

    DONT even think about DRM..very little of it has ever worked.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2016 @ 5:16pm

    Chosen Ciphertext Attacks on Apple iMessage

    Via Matthew Green

    Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage.
    Christina Garman, Matthew Green, Ian Miers, Gabriel Kaptchuk, Michael Rushanan.
    Abstract

    Apple’s iMessage is one of the most widely-deployed end-to-end encrypted messaging protocols. Despite its broad deployment, the encryption protocols used by iMessage have never been subjected to rigorous cryptanalysis. In this paper, we conduct a thorough analysis of iMessage to determine the security of the protocol against a variety of attacks. Our analysis shows that iMessage has significant vulnerabilities that can be exploited by a sophisticated attacker. In particular, we outline a novel chosen ciphertext attack on Huffman compressed data, which allows retrospective decryption of some iMessage payloads in less than 218 queries. The practical implication of these attacks is that any party who gains access to iMessage ciphertexts may potentially decrypt them remotely and after the fact. We additionally describe mitigations that will prevent these attacks on the protocol, without breaking backwards compatibility. Apple has deployed our mitigations in the latest iOS and OS X releases.

    reply to this | link to this | view in chronology ]

  • identicon
    Jim, 22 Mar 2016 @ 6:27am

    Huh?

    Then, awnser me this. Apple acknowledged they did the same as they were asked to do on other phones they produced. So there is a back door into the system. And they know what and where it is. Now that is security thru obscurity. But they openly acknowledged that fact. That means, to researchers, and hackers, try it. So now we have, a research paper, and a person walking into one of the offices. That's two back doors, and one of them, they may not know about. Interesting. And then the give to the Chinese, of the OS? I wonder if it's as secure as ssb short wave?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.