
CVE-2022-39257: CWE-322: Key Exchange without Entity Authentication in matrix-org matrix-ios-sdk

Medium
Published: Wed Sep 28 2022 (09/28/2022, 20:55:10 UTC)
Source: CVE
Vendor/Project: matrix-org
Product: matrix-ios-sdk

Description

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible because matrix-ios-sdk implemented an overly permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround.

AI-Powered Analysis

Last updated: 06/22/2025, 16:19:54 UTC

Technical Analysis

CVE-2022-39257 is a medium-severity vulnerability affecting the matrix-ios-sdk, a software development kit used to build iOS applications compatible with the Matrix decentralized communication protocol. The vulnerability stems from an insecure key exchange mechanism lacking proper entity authentication, classified under CWE-322 (Key Exchange without Entity Authentication) and CWE-287 (Improper Authentication). Prior to version 0.23.19, the matrix-ios-sdk implemented an overly permissive key forwarding policy. This allowed a malicious homeserver, in collusion with an attacker, to forward encryption keys that appeared to originate from a different user. Consequently, the attacker could craft messages that seem to be sent by another person. On some client platforms, these forged messages are marked with a grey shield to indicate potential untrustworthiness; however, this visual warning may be absent on other platforms, increasing the risk of deception. The root cause is the SDK's acceptance of forwarded keys without verifying that they were sent in response to a legitimate request and without confirming that the keys originated from verified devices owned by the user. In version 0.23.19, the SDK introduced stricter policies: it now only accepts forwarded keys if they respond to prior requests and come from the user's own verified devices. Additionally, the SDK sets a 'trusted' flag on decrypted messages based on the trustworthiness of the key source. Client applications are responsible for visually indicating when messages are decrypted with untrusted keys, for example, by showing warnings. Exploitation requires coordination between a malicious homeserver and an attacker, meaning that users who trust their homeservers are not at risk. There are no known exploits in the wild, and no CVSS score has been assigned to this vulnerability.
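The forwarded-key policy described in the CVE text and the analysis above, modelled as an added example (illustrative Python, not matrix-ios-sdk code): the permissive pre-0.23.19 acceptance beside the strict 0.23.19 policy, plus the `trusted` flag that the client must surface. `ForwardedKey`, `KeyStore`, `render` and the toy XOR cipher standing in for Megolm are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ForwardedKey:
    room_id: str
    session_id: str
    from_user: str     # user whose device sent the forwarded key
    from_device: str
    key: bytes         # session key material (constructed toy key, not Megolm)

@dataclass
class KeyStore:
    own_user: str
    verified_devices: set                        # our own device ids we have verified
    pending: set = field(default_factory=set)    # (room, session) pairs we asked for
    keys: dict = field(default_factory=dict)     # (room, session) -> (key, trusted)

    def request_key(self, room_id, session_id):
        self.pending.add((room_id, session_id))

    def store_key(self, room_id, session_id, key, trusted):
        self.keys[(room_id, session_id)] = (key, trusted)

    def accept_forward_permissive(self, fwd):
        """Pre-0.23.19 behaviour: any forward is stored and used as if trustworthy."""
        self.store_key(fwd.room_id, fwd.session_id, fwd.key, trusted=True)
        return True

    def accept_forward_strict(self, fwd):
        """0.23.19 policy: only answers to our own requests, only from our verified devices."""
        sid = (fwd.room_id, fwd.session_id)
        if sid not in self.pending:
            return False                         # unsolicited forward: drop it
        if fwd.from_user != self.own_user or fwd.from_device not in self.verified_devices:
            return False                         # not one of our verified devices: drop it
        self.pending.discard(sid)
        self.store_key(fwd.room_id, fwd.session_id, fwd.key, trusted=True)
        return True

    def decrypt(self, room_id, session_id, ciphertext):
        """Toy XOR decryption; returns (plaintext, trusted) or None if no key is known."""
        entry = self.keys.get((room_id, session_id))
        if entry is None:
            return None
        key, trusted = entry
        return bytes(c ^ key[i % len(key)] for i, c in enumerate(ciphertext)).decode(), trusted

def toy_encrypt(key, plaintext):
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(plaintext.encode()))

def render(decrypted):
    """Client-side decoration: a message decrypted with an untrusted key gets a visible warning."""
    plaintext, trusted = decrypted
    return plaintext if trusted else "[unverified sender] " + plaintext
```

A key stored with `trusted=False` (one whose source the SDK cannot vouch for) still decrypts, but `render` marks it, which is the client-side obligation the advisory describes.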

Potential Impact

For European organizations using iOS applications built on vulnerable versions of matrix-ios-sdk, this vulnerability poses a risk to message authenticity and integrity. An attacker controlling or cooperating with a malicious homeserver could impersonate legitimate users by injecting forged messages, potentially leading to misinformation, social engineering attacks, or unauthorized disclosure of sensitive information. The lack of consistent visual warnings across platforms increases the likelihood of successful deception. Confidentiality is not directly compromised since the attacker does not gain access to message content without keys, but integrity and authenticity are undermined. This could impact sectors relying on secure communications, such as government, finance, healthcare, and critical infrastructure operators. The decentralized nature of Matrix means that organizations running their own homeservers or using trusted homeservers are less vulnerable, but those relying on third-party or less trusted homeservers face higher risks. The attack requires a malicious or compromised homeserver, so organizations with strict server governance and monitoring are better protected. Overall, the vulnerability could facilitate targeted impersonation attacks, eroding trust in communication channels and potentially enabling further exploitation through social engineering or misinformation campaigns.

Mitigation Recommendations

European organizations should ensure that all iOS applications using matrix-ios-sdk are updated to version 0.23.19 or later, which enforces stricter key forwarding policies and entity authentication. Developers should audit their applications to verify that they properly handle the 'trusted' flag on decrypted messages and provide clear, consistent visual indicators or warnings when messages are decrypted with untrusted keys. Organizations operating their own homeservers should implement rigorous security controls to prevent compromise or misuse, including regular security audits, monitoring for anomalous key forwarding behavior, and enforcing strict access controls. For third-party homeservers, organizations should assess the trustworthiness and security posture of the providers before use. Additionally, user education is important to raise awareness about potential forged messages and the significance of visual warnings. Implementing end-to-end encryption verification mechanisms and cross-device key verification can further reduce risks. Finally, integrating logging and alerting for unusual key forwarding or message patterns can help detect attempted exploitation early.


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-09-02T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9845c4522896dcbf4644

Added to database: 5/21/2025, 9:09:25 AM

Last enriched: 6/22/2025, 4:19:54 PM

Last updated: 8/15/2025, 2:05:54 AM
