(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Apple will apparently adopt #RCS end-to-end #encryption in 2024 to solve various monopoly and user issues with respect to Android; we can’t tell if RCS is truly worthy of the description #EndToEndEncr

2023-11-16 20:37:35+00:00

So this was published in The Verge:

“Later next year, we will be adding support for RCS Universal Profile, the standard as currently published by the GSM Association,” an Apple spokesperson tells 9to5Mac. “We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS. This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users.” https://www.theverge.com/2023/11/16/23964171/apple-iphone-rcs-support

Apple are being diplomatic, even snarky, but I do feel that people (especially cryptographers) are not yet adequately interested in this.

We would all benefit from more academic and red-team decompilation / analysis / interest into finding out how RCS has been implemented.

Context

There is no adequate technical definition of end-to-end encryption available, so a few years ago I created one using the retrospectively obvious metric that:

“the ends are the participants, and if even 1 single bit of any message content can ever become known to people who are not decided participants of a conversation (other than by hacking any bits of a participant’s system that they simply fundamentally trust) then there has been a leak via the messenger system and it is not end-to-end secure.” The Duck Test for End-to-End Secure Messaging

There is a lot more of this thinking in an accompanying video and in a short primer on the topic, if you are so inclined.

There are many opportunities for content to leak outside of the user’s “Trusted Computing Base.”

When discussing Signal end-to-end encryption, the entire Signal source code is available to the world and there are white papers discussing the architecture, and also the algorithms which it implements. There are Wikipedia pages, even. We know how it works.

When discussing WhatsApp end-to-end encryption, there are white papers discussing the architecture. People quite regularly reverse-engineer most of it. We are pretty sure that we know how it works.

Likewise Facebook Messenger Secret Conversations end-to-end encrypted feature has descriptive white papers; and with the upcoming migration of all of Messenger to a new E2EE architecture, we expect (will demand, will decompile) more information. Likewise, we are pretty sure that we know how Messenger works.

And of course iMessage is well-described and like the others there are research papers written about it (for example) and its strengths/weaknesses.

But what do we have, for RCS?

RCS is a global standard that seeks to achieve many things; the end-to-end encryption is wholly Google’s addition to that standard. Quoth Wikipedia:

In response to concerns over the lack of end-to-end encryption in RCS, Google stated that it would only retain message data in transit until it is delivered to the recipient. In November 2020, Google later announced that it would begin to roll out end-to-end encryption for one-on-one conversations between Messages users, beginning with the beta version of the app. In December 2020, Samsung updated its Samsung Experience messages app to also allow users to opt into RCS. Google added end-to-end encryption to their Messages app using the Signal Protocol as the default option for one-on-one RCS conversations starting in June 2021. In December 2022, end-to-end encryption was added to group chats in the Google Messages app for beta users and was made available to all users in early 2023. https://en.wikipedia.org/wiki/Rich_Communication_Services#History

This all sounds great; so why is Apple apparently being cagey with its statement that “iMessage… will continue to be the best and most secure messaging experience for Apple users”?

Is this just politics? What does this mean for iMessage? Will an RCS user in an iMessage group chat, downgrade or compromise security of the group overall? And how does RCS fit into the larger ecosystem?

I don’t know. I think we need more documentation.

But if interoperability is on the horizon we will need insight into how communications end-to-end security (rather than “mere” cryptography) is maintained, for instance a better grasp of the risk of content leakage in notifications, and the handling of metadata proliferation & garnishment like secure and private generation of thumbnail previews.

Recap
[END]

[1] URL: https://alecmuffett.com/article/108350
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.