A vulnerability in Apple's iMessage allows access to users' correspondence

by sigismund » 2016-08-16 12:26:57


Exploiting the problem involves the use of a fake TLS certificate or a compromise of Apple's servers.


A team of researchers from Johns Hopkins University (USA) found a number of vulnerabilities in the implementation of the encryption algorithm in Apple's iMessage messenger, one of which allows access to users' correspondence.

To exploit the problem, the experts used a ciphertext attack they developed, which assumes the interception of communications by means of a fake TLS certificate or a compromise of Apple's servers.

Another vulnerability exists in iMessage's key registration and exchange mechanism. This mechanism uses a centralized IDS server under the company's control. Any attacker with access to the server can carry out a "man-in-the-middle" attack and intercept users' messages. According to the researchers, the current version of the iMessage client has no mechanisms that allow users to compare or verify the authenticity of keys received from the server.

The experts believe the same techniques can be used to intercept data transmitted via Bluetooth through Apple's Handoff service, because OpenPGP (GnuPG) encryption may also be vulnerable to such attacks.

The experts informed Apple about the vulnerability in November of last year. The company has already released the corresponding patches as part of updates for iOS and OS X (10.11.4).
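An added illustration of the check the post says the client lacks (not part of the original post and not Apple's code): the client pins the fingerprint of each key a directory server hands out, flags any later change, and derives a short code that two users can compare out of band. The identity, the key bytes and all function and class names are constructed for this example.

```python
import hashlib

# Constructed sample keys; real public keys would be raw key bytes.
ALICE_KEY = b"constructed-alice-public-key"
BOB_KEY = b"constructed-bob-public-key"
SUBSTITUTED_KEY = b"constructed-key-served-by-a-tampered-directory"


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 fingerprint of a public key."""
    return hashlib.sha256(public_key).hexdigest()


def safety_number(key_a: bytes, key_b: bytes) -> str:
    """20-digit code over both keys; identical whichever side computes it."""
    parts = sorted([hashlib.sha256(key_a).digest(),
                    hashlib.sha256(key_b).digest()])
    digest = hashlib.sha256(b"".join(parts)).digest()
    digits = f"{int.from_bytes(digest[:10], 'big') % 10**20:020d}"
    return " ".join(digits[i:i + 5] for i in range(0, 20, 5))


class PinStore:
    """Remembers the first key seen per identity and reports changes."""

    def __init__(self):
        self.pins = {}

    def check(self, identity: str, served_key: bytes) -> str:
        fp = fingerprint(served_key)
        pinned = self.pins.get(identity)
        if pinned is None:
            # First contact is unverified: the pin only detects later
            # substitution, so the safety number should still be compared.
            self.pins[identity] = fp
            return "first-seen"
        return "match" if pinned == fp else "changed"

    def accept_change(self, identity: str, served_key: bytes) -> None:
        """Call only after the new key was confirmed out of band."""
        self.pins[identity] = fingerprint(served_key)


if __name__ == "__main__":
    store = PinStore()
    for key in (BOB_KEY, BOB_KEY, SUBSTITUTED_KEY):
        print(store.check("bob@example.com", key))
    print("Alice sees:", safety_number(ALICE_KEY, BOB_KEY))
    print("Bob sees:  ", safety_number(BOB_KEY, ALICE_KEY))
```

A "changed" result, or a safety number that differs between the two devices, means the key delivered by the server is not the one the other party holds.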