CVE-2022-39255: CWE-322: Key Exchange without Entity Authentication in matrix-org matrix-ios-sdk
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can, for example, allow the attacker to inject the key backup secret during a self-verification, making a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verification methods until patched.
AI Analysis
Technical Summary
CVE-2022-39255 is a vulnerability identified in the matrix-ios-sdk, a software development kit used to build iOS applications compatible with the Matrix decentralized communication protocol. The vulnerability arises from a key exchange process lacking entity authentication, specifically due to a protocol confusion issue where the SDK accepts to-device messages encrypted with the Megolm protocol instead of the intended Olm protocol. This flaw allows a malicious homeserver, in cooperation with an attacker, to craft messages that appear to originate from a different user without any visual indication such as a grey shield warning. More critically, this can enable targeted attacks where fake to-device messages are sent, potentially injecting malicious key backup secrets during self-verification processes. This could cause a targeted device to use a maliciously spoofed key backup, compromising the confidentiality and integrity of encrypted communications. The vulnerability affects all versions of matrix-ios-sdk prior to 0.23.19, which introduced a fix by restricting accepted to-device messages to those encrypted with Olm and auditing additional security checks. Exploitation requires coordination with a malicious homeserver, meaning that users who trust their homeservers are not at risk. However, users are advised to avoid verifying new logins via emoji or QR code methods until patched to prevent malicious backup attacks. No known exploits are currently reported in the wild. The vulnerability is categorized under CWE-322 (Key Exchange without Entity Authentication) and CWE-287 (Improper Authentication), highlighting the authentication weaknesses in the key exchange process that enable impersonation and message spoofing.
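The algorithm gate described above, sketched in Python as an added example (not code from matrix-ios-sdk or from this advisory). The algorithm identifiers are those of the Matrix specification; the function name gate_to_device, its strict flag and the sample events are constructed for illustration, and strict=False is only a simplified model of the pre-fix behaviour.

```python
import json

# Algorithm identifiers as defined in the Matrix specification.
OLM = "m.olm.v1.curve25519-aes-sha2"
MEGOLM = "m.megolm.v1.aes-sha2"

def gate_to_device(events, strict=True):
    """Sort to-device events into (to_decrypt, rejected, plaintext).

    strict=True models the patched rule from the advisory: an encrypted
    to-device event is handed to decryption only if it is Olm-encrypted.
    strict=False is a simplified model of the protocol confusion, where a
    Megolm-encrypted event is also accepted on the to-device channel.
    """
    to_decrypt, rejected, plaintext = [], [], []
    for ev in events:
        if ev.get("type") != "m.room.encrypted":
            plaintext.append(ev)  # unencrypted events are outside this check
            continue
        content = ev.get("content")
        # A missing or malformed content object must fail closed.
        alg = content.get("algorithm") if isinstance(content, dict) else None
        if alg == OLM or (not strict and alg == MEGOLM):
            to_decrypt.append(ev)
        else:
            reason = "megolm_on_to_device" if alg == MEGOLM else "unexpected_algorithm"
            rejected.append({"sender": ev.get("sender"), "algorithm": alg, "reason": reason})
    return to_decrypt, rejected, plaintext

# Constructed sample: the to_device section of a /sync response.
SAMPLE_SYNC = json.loads("""
{"to_device": {"events": [
  {"type": "m.room.encrypted", "sender": "@alice:example.org",
   "content": {"algorithm": "m.olm.v1.curve25519-aes-sha2", "sender_key": "CONSTRUCTED", "ciphertext": {}}},
  {"type": "m.room.encrypted", "sender": "@alice:example.org",
   "content": {"algorithm": "m.megolm.v1.aes-sha2", "session_id": "CONSTRUCTED", "ciphertext": "CONSTRUCTED"}},
  {"type": "m.room.encrypted", "sender": "@bob:example.org", "content": {"ciphertext": "CONSTRUCTED"}},
  {"type": "m.room.encrypted", "sender": "@bob:example.org", "content": "not-an-object"}
]}}
""")

if __name__ == "__main__":
    ok, bad, _ = gate_to_device(SAMPLE_SYNC["to_device"]["events"])
    print(len(ok), "event(s) passed to Olm decryption")
    for entry in bad:
        print("rejected:", entry)
```

The rejected entries double as audit records: a Megolm-encrypted event arriving on the to-device channel is worth logging with its sender, since a patched client should never act on one.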
Potential Impact
For European organizations using iOS applications built on the matrix-ios-sdk, this vulnerability poses a significant risk to the confidentiality and integrity of their communications. Since Matrix is often employed for secure messaging and collaboration, an attacker controlling or compromising a homeserver could impersonate users, inject malicious keys, and intercept or manipulate encrypted messages. This could lead to unauthorized data disclosure, loss of trust in communication channels, and potential lateral movement within organizational networks. The ability to spoof messages without detection undermines the security assurances of end-to-end encryption, potentially exposing sensitive business or personal information. Although exploitation requires a malicious homeserver, organizations relying on third-party or self-hosted homeservers must ensure their infrastructure is secure and trustworthy. The vulnerability could be particularly impactful for sectors with high confidentiality requirements such as government, finance, healthcare, and critical infrastructure operators across Europe. Additionally, the attack vector involving key backup manipulation could result in persistent compromise of user devices, complicating incident response and recovery efforts.
Mitigation Recommendations
1. Upgrade all instances of matrix-ios-sdk to version 0.23.19 or later to ensure acceptance of only Olm-encrypted to-device messages and benefit from additional security checks.
2. Audit and verify the trustworthiness of homeservers used within the organization; avoid using or connecting to untrusted or third-party homeservers without proper security assessments.
3. Temporarily disable or avoid using emoji or QR code verification methods for new device logins until the patch is applied to prevent malicious key backup injection.
4. Implement network monitoring and anomaly detection to identify unusual message patterns or unexpected key backup activities that could indicate exploitation attempts.
5. Educate users about the risks of verifying new devices in untrusted environments and encourage reporting of suspicious communication behavior.
6. For organizations hosting their own homeservers, ensure strict access controls, regular security audits, and timely patching to prevent server compromise.
7. Consider deploying additional cryptographic verification layers or out-of-band verification methods to supplement Matrix’s built-in mechanisms, especially for high-value communications.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-09-02T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9845c4522896dcbf4640
Added to database: 5/21/2025, 9:09:25 AM
Last enriched: 6/22/2025, 4:20:10 PM
Last updated: 8/1/2025, 8:48:14 PM