Don't store last message unencrypted in MXCoreDataRoomSummaryStore

Open Johennes opened this issue 1 year ago • 2 comments

Your use case

What would you like to do?

MXRoomLastMessage contains properties for the last message in a room.

/**
 String representation of this last message.
 */
@property (nonatomic, copy, nullable) NSString *text;
@property (nonatomic, copy, nullable) NSAttributedString *attributedText;

These end up being stored unencrypted in MXCoreDataRoomSummaryStore. This should be avoided.

Why would you like to do it?

Because otherwise an attacker with file system access could retrieve the last message of an encrypted room.

How would you like to achieve it?

Instead of storing the clear text, we should either only store event ID and resolve the text on demand (possibly not performant) or encrypt the text with a global key stored in the keychain.

Have you considered any alternatives?

No response

Additional context

No response

Johennes, Sep 08 '22 06:09
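
A sketch of the second option proposed above (encrypting the text with a key kept in the keychain), added here as an illustration and not taken from element-ios or MatrixSDK. `LastMessageCipher`, the keychain service and account strings, the accessibility class and the use of the room ID as associated data are all assumptions.

```swift
import CryptoKit
import Foundation
import Security

// Hypothetical helper, not part of MatrixSDK: seals the last-message text with
// AES-GCM under a keychain-held key before it is written to Core Data.
enum LastMessageCipher {
    // Constructed keychain identifiers (assumptions).
    static let service = "example.room-summary-store"
    static let account = "last-message-key"
    enum CipherError: Error { case keychain(OSStatus), notUTF8 }

    // Return the stored key, or create and persist a new 256-bit key.
    static func loadOrCreateKey() throws -> SymmetricKey {
        let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                   kSecAttrService as String: service,
                                   kSecAttrAccount as String: account]
        var query = base
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        if status == errSecSuccess, let data = item as? Data { return SymmetricKey(data: data) }
        guard status == errSecItemNotFound else { throw CipherError.keychain(status) }

        let key = SymmetricKey(size: .bits256)
        var add = base
        add[kSecValueData as String] = key.withUnsafeBytes { Data($0) }
        // ThisDeviceOnly keeps the key out of backups and device migration.
        add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let addStatus = SecItemAdd(add as CFDictionary, nil)
        guard addStatus == errSecSuccess else { throw CipherError.keychain(addStatus) }
        return key
    }

    // Blob to persist instead of `text`: nonce || ciphertext || tag.
    // The room ID is bound as associated data so a blob cannot be moved to another room's row.
    static func seal(_ text: String, roomId: String, key: SymmetricKey) throws -> Data {
        let box = try AES.GCM.seal(Data(text.utf8), using: key, authenticating: Data(roomId.utf8))
        return box.combined! // non-nil with the default 12-byte nonce
    }

    // Fails if the blob was tampered with or belongs to a different room.
    static func open(_ blob: Data, roomId: String, key: SymmetricKey) throws -> String {
        let box = try AES.GCM.SealedBox(combined: blob)
        let plain = try AES.GCM.open(box, using: key, authenticating: Data(roomId.utf8))
        guard let text = String(data: plain, encoding: .utf8) else { throw CipherError.notUTF8 }
        return text
    }
}
```

The `attributedText` property would have to be archived to `Data` before it could be sealed the same way.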

This extra security level is for a customer who:

  • does not trust the OS and its keychain
  • blocks the app on jailbroken devices

In the normal context, we rely on the encrypted storage offered by the system.

manuroe, Sep 08 '22 07:09

We should work on it post EIX BBQ alpha in October.

manuroe, Sep 08 '22 08:09

Duplicate of https://github.com/vector-im/element-ios/issues/7358

Johennes, Feb 10 '23 09:02