Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy

Messenger Billed as Better Than Signal is Riddled With Vulnerabilities (arstechnica.com) 32

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy "no other chat service" can offer. From a report: Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta's WhatsApp messenger. It's among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."

This discussion has been archived. No new comments can be posted.

Messenger Billed as Better Than Signal is Riddled With Vulnerabilities

Comments Filter:
  • Stupid headline (Score:5, Insightful)

    by thegarbz ( 1787294 ) on Wednesday January 11, 2023 @11:47AM (#63199314)

    Can editors please write headlines that don't confuse the heck out of anything? "Messenger" is a trademark name for a product by Slashdot's favourite company Facebook, Meta, whatever they want to call themselves. Don't write "Messenger" when you mean "An Instant Messaging App" or just write "Threema" in the headline since it's explained in the first line of TFS anyway.

    • It is confusing, mostly because FaceBork picked a generic name for their specific product. A product that is on a decline sharper than ICQ's.

      • It is confusing, mostly because FaceBork picked a generic name for their specific product.

        Of course. Love or hate the toxic shit of a company but it's a really good business practice to try and equate a generic term with your specific brand especially when that term is descriptive.

        A product that is on a decline sharper than ICQ's.

        Citation Required. And for that I mean actual messenger numbers. A lot of people I know dropped Facebook, they all still use Messenger to communicate because messaging apps have a far more important quality than some concept of whether a the owners of the company are good vs evil, they exist because people we want to c

    • If they meant the Meta app, they would have written "Messenger (tm)". I mean, we can trust Slashdot editors to flag all registered trademarks, right? Right?!
      (But the real problem is the US trademark office allowing existing words to be used as trademarks and product names.)

  • Its the reputation (Score:4, Insightful)

    by mr.dreadful ( 758768 ) on Wednesday January 11, 2023 @11:51AM (#63199328)
    Since these platforms are largely black boxes, I'll stick with Signal. I think I understand Moxie's motives and the software is open source, so prove me to me that your: a)trustworthy b)trustworthy or why should I switch?
    • You might be right. Also, Moxie might be a CIA cartoon character. Hard to tell the difference.
    • Moxie is no longer at the helm. Just so you know...

      • > Moxie is no longer at the helm. Just so you know...

        They have a staff now.

        It was insane how he was running the entire infrastructure himself plus doing most of the coding.

  • And again... (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday January 11, 2023 @11:58AM (#63199346) Journal
    Yet another case where "we rolled our own super-better encryption" turns out not to be a feature. I'd like to think that people will learn someday.
    • But they didn't, Threema uses the NaCl library for encryption.
      • Re:And again... (Score:4, Insightful)

        by Entrope ( 68843 ) on Wednesday January 11, 2023 @01:20PM (#63199734) Homepage

        Libraries like NaCl and libsodium provide good cryptographic primitives, but how one assembles those into a useful protocol is also important, and it's a place where "roll your own" happens just as often with a lot of the same consequences.

      • Re:And again... (Score:5, Informative)

        by chill ( 34294 ) on Wednesday January 11, 2023 @01:33PM (#63199794) Journal

        Except NaCl isn't a full implementation of an encryption system, it is an abstraction of many of the components. Sort of like a solid Lego system, but for encryption. This is where the "roll your own" comes in as you still need to assemble it all correctly and integrate with the other components.

        In the PDF by DJB on NaCl [cr.yp.to] (See p 5 under section Nonces) it explicitly mentions that reply forgery is trivially simple and needs to be handled depending on the needs of the specific app. NaCl doesn't deal with reply forgery at all -- you have to design it into your app architecture. Threema didn't do that, according to the article.

        • agreed, but OP talked about rolling your own "encryption" which they didn't. Rolling your own encryption system is of course also a huge problem.
  • Swiss crypto is sus (Score:2, Informative)

    by Anonymous Coward

    There have been multiple fraudulent crypto companies from Switzerland.

    Crypto AG was the most publicized example, bit after that one, I recall there were at least one or two others.

    If something isn't fully open-source and based on well audited standards, don't trust to be private.

  • Honest question: What do people hope to gain by rolling their own encryption rather than using industry standard tried and true encryption?
    • by NFN_NLN ( 633283 ) on Wednesday January 11, 2023 @12:29PM (#63199460)

      Are you confusing the application / protocol with the underlying encryption algorithm?

      1. Signal uses existing vetted encryption algorithms.
      2. The "competitors" appear to be using the same protocols that use the same underlying encryption algorithms.

      "The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that can be used to provide end-to-end encryption for voice calls and instant messaging conversations.[2] The protocol was developed by Open Whisper Systems in 2013[2] and was first introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide"[3] or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Messages app for one-to-one conversations.[4] Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

      The protocol combines the Double Ratchet algorithm, prekeys, and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake,[5] and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[6]"

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      --
      Note: Anything with a valid link to source material is an automatic "misinformation" and/or "troll" downvote. Sorry, this is slashdot tradition. Please downvote accordingly.

      • It seems that modern TLS solves these problems, no?
        • by NFN_NLN ( 633283 )

          Beats me. But I believe TLS is mainly for the transport and not the landing zone or storage of data. For messaging apps they also want to secure the cached/stored messages.

      • And yes, I was confusing encryption algorithm with protocol. But TLS cannot be eavesdropped upon as far as I know.
        • by Anonymous Coward

          And yes, I was confusing encryption algorithm with protocol. But TLS cannot be eavesdropped upon as far as I know.

          You do not understand E2EE and how it applies to messaging. Transport security is but one part of the whole. You have skipped the rest, which is the hard part.

    • by suutar ( 1860506 )

      Their rockstar feels better about not having code he didn't write?
      Distrust of the industry standard because it's an industry standard and therefore potentially a target for adding vulnerabilities?
      *shrug*

  • by Indy1 ( 99447 ) on Wednesday January 11, 2023 @12:20PM (#63199416)

    Security researchers have been saying they've had issues for a while.

    https://soatok.blog/2021/11/05... [soatok.blog]

  • by Anonymous Coward

    a level of security and privacy "no other chat service" can offer

    Note that it's not a statement of definitive quality.

  • What a FUD article!
  • by ukoda ( 537183 ) on Wednesday January 11, 2023 @02:13PM (#63200008) Homepage
    Yea, technical issues like this need discovered and fixed but there is a bigger issue to consider, the attitude behind the companies. The problem here is suggesting that Messenger is better. Messenger is a hard no for me because Meta can not be trusted. They can make all the claims the like about not giving governments access to your messages but at the end of the day it is a closed source app so who know what they are really doing?

    Do you trust Meta to put your best interests at heart? When government lawyers start threatening them, out of the public eye, or the armed men of government agencies turn up at Meta's data centers with block boxes to install making threats about public disclosure you can bet Meta will comply. Why would Meta put their neck out for you? You mean nothing to them except being an income source.

    Is Signal perfect? No, but bugs can be fixed, companies priorities and attitudes, not so much. I know which one I will take a punt on, hint it is nothing from Meta.
    • by suutar ( 1860506 ) on Wednesday January 11, 2023 @02:40PM (#63200148)

      Despite the title for this post, "Messenger" the Meta app is not involved in this; the term is being used instead of "Messaging app" and is describing Threema.

      • by ukoda ( 537183 )
        Thanks for that info, your reply needs an upvote. I have never hear of Threema, but then again I only have 14 messaging apps installed on my phone. Most of those apps are talk with customers who demand I use their preferred app. If I could I would only have Signal on my phone as I see them as the lowest long term risk.

        To your point Slashdot really need to make a bit more effort in their choice of headlines as in this case it clearly invites a misunderstanding by using the most well know messaging appl

If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro

Working...