TY - GEN
T1 - Injection Attacks Against End-to-End Encrypted Applications
AU - Fábrega, Andrés
AU - Pérez, Carolina Ortega
AU - Namavari, Armin
AU - Nassi, Ben
AU - Agarwal, Rachit
AU - Ristenpart, Thomas
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting"adversarial content into the application state. Such state is subsequently encrypted and synchronized to an adversarially-visible storage. By observing the lengths of the resulting cloud-stored cipher-texts, the attacker backs out confidential information.We investigate this injection threat model in the context of state-of-the-art encrypted messaging applications that support E2E encrypted backups. We show proof-of-concept attacks that can recover information about E2E encrypted messages or attachments sent via WhatsApp, assuming the ability to compromise the target user's Google or Apple account (which gives access to encrypted backups). We also show weaknesses in Signal's encrypted backup design that would allow injection attacks to infer metadata including a target user's number of contacts and conversations, should the adversary somehow obtain access to the user's encrypted Signal backup.While we do not believe our results should be of immediate concern for users of these messaging applications, our results do suggest that more work is needed to build tools that enjoy strong E2E security guarantees.
AB - We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting"adversarial content into the application state. Such state is subsequently encrypted and synchronized to an adversarially-visible storage. By observing the lengths of the resulting cloud-stored cipher-texts, the attacker backs out confidential information.We investigate this injection threat model in the context of state-of-the-art encrypted messaging applications that support E2E encrypted backups. We show proof-of-concept attacks that can recover information about E2E encrypted messages or attachments sent via WhatsApp, assuming the ability to compromise the target user's Google or Apple account (which gives access to encrypted backups). We also show weaknesses in Signal's encrypted backup design that would allow injection attacks to infer metadata including a target user's number of contacts and conversations, should the adversary somehow obtain access to the user's encrypted Signal backup.While we do not believe our results should be of immediate concern for users of these messaging applications, our results do suggest that more work is needed to build tools that enjoy strong E2E security guarantees.
UR - https://www.scopus.com/pages/publications/85204031812
U2 - 10.1109/SP54263.2024.00082
DO - 10.1109/SP54263.2024.00082
M3 - Conference contribution
AN - SCOPUS:85204031812
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 2648
EP - 2665
BT - Proceedings - 45th IEEE Symposium on Security and Privacy, SP 2024
PB - Institute of Electrical and Electronics Engineers
T2 - 45th IEEE Symposium on Security and Privacy, SP 2024
Y2 - 20 May 2024 through 23 May 2024
ER -