Messenger Billed as Better Than Signal is Riddled With Vulnerabilities (arstechnica.com) 32
Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy "no other chat service" can offer. From a report: Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta's WhatsApp messenger. It's among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.
Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."
Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."
Stupid headline (Score:5, Insightful)
Can editors please write headlines that don't confuse the heck out of anything? "Messenger" is a trademark name for a product by Slashdot's favourite company Facebook, Meta, whatever they want to call themselves. Don't write "Messenger" when you mean "An Instant Messaging App" or just write "Threema" in the headline since it's explained in the first line of TFS anyway.
Re: (Score:3)
It is confusing, mostly because FaceBork picked a generic name for their specific product. A product that is on a decline sharper than ICQ's.
Re: (Score:2)
It is confusing, mostly because FaceBork picked a generic name for their specific product.
Of course. Love or hate the toxic shit of a company but it's a really good business practice to try and equate a generic term with your specific brand especially when that term is descriptive.
A product that is on a decline sharper than ICQ's.
Citation Required. And for that I mean actual messenger numbers. A lot of people I know dropped Facebook, they all still use Messenger to communicate because messaging apps have a far more important quality than some concept of whether a the owners of the company are good vs evil, they exist because people we want to c
Re: (Score:2)
If they meant the Meta app, they would have written "Messenger (tm)". I mean, we can trust Slashdot editors to flag all registered trademarks, right? Right?!
(But the real problem is the US trademark office allowing existing words to be used as trademarks and product names.)
Its the reputation (Score:4, Insightful)
Re: (Score:1)
Re: (Score:3)
Moxie is no longer at the helm. Just so you know...
Re: (Score:3)
> Moxie is no longer at the helm. Just so you know...
They have a staff now.
It was insane how he was running the entire infrastructure himself plus doing most of the coding.
And again... (Score:5, Insightful)
Re: (Score:3)
Re:And again... (Score:4, Insightful)
Libraries like NaCl and libsodium provide good cryptographic primitives, but how one assembles those into a useful protocol is also important, and it's a place where "roll your own" happens just as often with a lot of the same consequences.
Re:And again... (Score:5, Informative)
Except NaCl isn't a full implementation of an encryption system, it is an abstraction of many of the components. Sort of like a solid Lego system, but for encryption. This is where the "roll your own" comes in as you still need to assemble it all correctly and integrate with the other components.
In the PDF by DJB on NaCl [cr.yp.to] (See p 5 under section Nonces) it explicitly mentions that reply forgery is trivially simple and needs to be handled depending on the needs of the specific app. NaCl doesn't deal with reply forgery at all -- you have to design it into your app architecture. Threema didn't do that, according to the article.
Re: (Score:2)
Swiss crypto is sus (Score:2, Informative)
There have been multiple fraudulent crypto companies from Switzerland.
Crypto AG was the most publicized example, bit after that one, I recall there were at least one or two others.
If something isn't fully open-source and based on well audited standards, don't trust to be private.
Why not insudtry standard? (Score:2)
Re:Why not insudtry standard? (Score:5, Informative)
Are you confusing the application / protocol with the underlying encryption algorithm?
1. Signal uses existing vetted encryption algorithms.
2. The "competitors" appear to be using the same protocols that use the same underlying encryption algorithms.
"The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that can be used to provide end-to-end encryption for voice calls and instant messaging conversations.[2] The protocol was developed by Open Whisper Systems in 2013[2] and was first introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide"[3] or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Messages app for one-to-one conversations.[4] Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.
The protocol combines the Double Ratchet algorithm, prekeys, and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake,[5] and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[6]"
https://en.wikipedia.org/wiki/... [wikipedia.org]
--
Note: Anything with a valid link to source material is an automatic "misinformation" and/or "troll" downvote. Sorry, this is slashdot tradition. Please downvote accordingly.
Re: (Score:2)
Re: (Score:3)
Beats me. But I believe TLS is mainly for the transport and not the landing zone or storage of data. For messaging apps they also want to secure the cached/stored messages.
Re: (Score:2)
Re: (Score:1)
And yes, I was confusing encryption algorithm with protocol. But TLS cannot be eavesdropped upon as far as I know.
You do not understand E2EE and how it applies to messaging. Transport security is but one part of the whole. You have skipped the rest, which is the hard part.
Re: (Score:2)
Re: (Score:2)
Their rockstar feels better about not having code he didn't write?
Distrust of the industry standard because it's an industry standard and therefore potentially a target for adding vulnerabilities?
*shrug*
not surprising - they got called out a year ago (Score:5, Informative)
Security researchers have been saying they've had issues for a while.
https://soatok.blog/2021/11/05... [soatok.blog]
No other service can provide security this poor (Score:1, Funny)
a level of security and privacy "no other chat service" can offer
Note that it's not a statement of definitive quality.
#AppleSux (Score:1)
There is a bigger picture (Score:3)
Do you trust Meta to put your best interests at heart? When government lawyers start threatening them, out of the public eye, or the armed men of government agencies turn up at Meta's data centers with block boxes to install making threats about public disclosure you can bet Meta will comply. Why would Meta put their neck out for you? You mean nothing to them except being an income source.
Is Signal perfect? No, but bugs can be fixed, companies priorities and attitudes, not so much. I know which one I will take a punt on, hint it is nothing from Meta.
Re:There is a bigger picture (Score:4, Insightful)
Despite the title for this post, "Messenger" the Meta app is not involved in this; the term is being used instead of "Messaging app" and is describing Threema.
Re: (Score:2)
To your point Slashdot really need to make a bit more effort in their choice of headlines as in this case it clearly invites a misunderstanding by using the most well know messaging appl