Paper 2014/168

Privacy Failures in Encrypted Messaging Services: Apple iMessage and Beyond

Scott Coull and Kevin Dyer

Abstract

Instant messaging services are quickly becoming the most dominant form of communication among consumers around the world. Apple iMessage, for example, handles over 2 billion message each day, while WhatsApp claims 16 billion messages from 400 million international users. To protect user privacy, these services typically implement end-to-end and transport layer encryption, which are meant to make eavesdropping infeasible even for the service providers themselves. In this paper, however, we show that it is possible for an eavesdropper to learn information about user actions, the language of messages, and even the length of those messages with greater than 96% accuracy despite the use of state-of-the-art encryption technologies simply by observing the sizes of encrypted packet. While our evaluation focuses on Apple iMessage, the attacks are completely generic and we show how they can be applied to many popular messaging services, including WhatsApp, Viber, and Telegram.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
privacyimessageinstant messagingtraffic analysis
Contact author(s)
scott coull @ redjack com
History
2014-03-03: received
Short URL
https://ia.cr/2014/168
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/168,
      author = {Scott Coull and Kevin Dyer},
      title = {Privacy Failures in Encrypted Messaging Services:  Apple iMessage and Beyond},
      howpublished = {Cryptology ePrint Archive, Paper 2014/168},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/168}},
      url = {https://eprint.iacr.org/2014/168}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.