Sending blank `m.room.encryption` on iOS will disable encryption
Package                 Affected versions   Patched versions
element-iOS (iOS)       <= 1.6.9            0.6.10
matrix-ios-kit (iOS)    <= 0.6.11           None. It is deprecated
matrix-ios-sdk (iOS)    <= 0.20.13          0.20.14
Impact
Matrix clients based on the Matrix iOS SDK before 0.20.14 can be forced to send unencrypted messages in an end-to-end encrypted room, without warning the user that this is happening.
This is possible by sending a blank `m.room.encryption` state event. Sending such an event requires room admin privileges, so the attack can only be performed by a room or server admin.
Patches
The patch is available in MatrixSDK 0.20.14 and Element-iOS 0.6.10.
Workarounds
Since non-iOS clients are not affected, the attack can be noticed from other devices signed into the same account.
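The following is an added example, not code from matrix-ios-sdk or Element-iOS, illustrating the two points above: the fragile client-side pattern in which the most recent `m.room.encryption` state event unconditionally decides whether outgoing messages are encrypted, a hardened version that treats encryption as sticky once enabled (the Matrix specification states that encryption cannot be disabled in a room once turned on), and a detection helper of the kind another device or an operator could run over room state to notice a blank encryption event. Event dictionaries follow the shape of Matrix state events; the sample events, senders and the `SUPPORTED_ALGORITHMS` set are constructed for the example.

```python
"""Handling of m.room.encryption room state: fragile vs. hardened, plus detection.

Added example; not code from matrix-ios-sdk. Sample events are constructed.
"""
from typing import Dict, List, Optional

# Megolm is the algorithm Matrix clients use for room messages; the set is
# an assumption of this example, not a list taken from the SDK.
SUPPORTED_ALGORITHMS = {"m.megolm.v1.aes-sha2"}

# Constructed room state timeline, in the order a client would apply it.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "m.room.create", "state_key": "", "sender": "@alice:example.org",
     "content": {"creator": "@alice:example.org"}},
    {"type": "m.room.encryption", "state_key": "", "sender": "@alice:example.org",
     "content": {"algorithm": "m.megolm.v1.aes-sha2"}},
    # A later m.room.encryption state event with empty content, as in the advisory.
    {"type": "m.room.encryption", "state_key": "", "sender": "@admin:example.org",
     "content": {}},
]


def _algorithm_of(event: Dict) -> Optional[str]:
    """Return the algorithm named by an m.room.encryption event, or None if absent."""
    content = event.get("content")
    if not isinstance(content, dict):
        return None
    algorithm = content.get("algorithm")
    return algorithm if isinstance(algorithm, str) else None


def encryption_algorithm_naive(events: List[Dict]) -> Optional[str]:
    """Fragile pattern: the latest m.room.encryption event always wins.

    A blank event therefore leaves the room looking unencrypted, and a client
    built on this would start sending plaintext without warning.
    """
    algorithm = None
    for event in events:
        if event.get("type") == "m.room.encryption":
            algorithm = _algorithm_of(event)
    return algorithm


def encryption_algorithm_hardened(events: List[Dict]) -> Optional[str]:
    """Hardened pattern: encryption is enabled by the first valid event and is
    never cleared afterwards. Events that carry no supported algorithm are
    ignored, so a blank state event cannot downgrade the room."""
    algorithm = None
    for event in events:
        if event.get("type") != "m.room.encryption":
            continue
        candidate = _algorithm_of(event)
        if algorithm is None and candidate in SUPPORTED_ALGORITHMS:
            algorithm = candidate
        # Once set, later events (valid or blank) do not change the decision.
    return algorithm


def should_send_encrypted(events: List[Dict]) -> bool:
    """Decision the message-sending path should consult."""
    return encryption_algorithm_hardened(events) is not None


def find_blank_encryption_events(events: List[Dict]) -> List[str]:
    """Detection helper: senders of m.room.encryption state events that name no
    algorithm. Any hit in a room that was previously encrypted is worth an alert."""
    return [
        event.get("sender", "<unknown>")
        for event in events
        if event.get("type") == "m.room.encryption" and _algorithm_of(event) is None
    ]


if __name__ == "__main__":
    print("naive:   ", encryption_algorithm_naive(SAMPLE_EVENTS))
    print("hardened:", encryption_algorithm_hardened(SAMPLE_EVENTS))
    print("send encrypted?", should_send_encrypted(SAMPLE_EVENTS))
    print("blank encryption events from:", find_blank_encryption_events(SAMPLE_EVENTS))
```

Running the script shows the naive resolver reporting no algorithm after the blank event while the hardened resolver keeps `m.megolm.v1.aes-sha2`; the detection helper lists the sender of the blank event, which is the signal a non-iOS device or a server operator could act on.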
For more information
If you have any questions or comments about this advisory, e-mail us at security@matrix.org.