Connect with us

Business

Threema disputes crypto flaws disclosure, prompts security flap

Published

on

Security researchers have defended academics who discovered several serious security flaws in Threema following criticism of their work by developers of the encrypted messaging app.

A team of computer scientists from Swiss university ETH Zurich found a total of seven vulnerabilities in secure messaging app Threema, which boasts 10 million users including the Swiss Government and current Chancellor of Germany, Olaf Scholz.

Threat models

The ETH team – comprising Professor Kenneth Paterson, Matteo Scarlata, and Kien Tuong Truong – found that Threema features neither ‘forward security’ nor post-compromise security.

Forward security means that even after a compromise, an attacker will be unable to decrypt data encrypted prior to the hack. Post-compromise security involves setting up such an architecture so that security can be restored after an attack, providing any attacker is purged from the process of communication exchange.

The seven vulnerabilities discovered fell across three distinct threat models: network attacker, compromised server, and compelled access.

Rolling their own crypto

Problems arose because of Threema’s use of bespoke encryption technologies. For example, the Swiss service’s bespoke client-to-server (C2S) protocol features ephemeral keys. This ought, in theory, to make sessions independent from each other.

However, ETH researchers discovered that compromising a single client ephemeral key allowed an attacker to impersonate that client indefinitely.

The researchers disclosed this flaw and six other vulnerabilities to Threema’s developers in early October last year. Modifications were made before Threema released a new protocol, Ibex, to further mitigate the attacks in late November 2022.

The researchers held off on publishing their findings until Monday January 9, as agreed.

‘Hopelessly oversell’

Threema decided to then disrespect the researchers in responding to publication of their findings, earning the ire of the wider infosec community in the process.

“There’s a new paper on Threema’s old communication protocol,” the vendor wrote on its official Twitter account. “Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk.”

In an associated statement, Threema acknowledged that “while some of the findings presented in the paper may be interesting from a theoretical standpoint, none of them ever had any considerable real-world impact”.

‘Condescending’

Swiss security researcher Christian Folini described Threema’s response as “condescending”.

“It’s not your job to judge the quality of security research. Your job is to get your act together, present us with the fixes, and leave the assessment to third parties,” Folini said on Twitter.

Professor Alan Woodward, a computer scientist at the University of Surrey, agreed that Threema had unnecessarily attacked the researchers for what he characterized as constructive criticism of the encrypted messaging app.

“Their [Threema’s] tone was rather dismissive stating it was an older version and they had fixed all the issues identified, but Threema were able to say this because of the work and the responsible disclosure,” Professor Woodward told The Daily Swig.

“I can’t help [but] think that researchers might be less inclined to cooperate as responsibly if the app developers take this attitude.”

On the substance of the security issues identified, Professor Woodward told The Daily Swig that the problems “appears to arise because they [Threema] rolled their own protocol plus they were working with some limitations of the chosen library, Nacl”.

The Daily Swig invited the ETH team to comment on the flaws they discovered and the disclosure process. No word back as yet, but we’ll update this story as and when more information comes to hand.

Professor Kenneth Paterson has spoken publicly of his disappointment in Threema’s response.

“After a constructive engagement with ThreemaApp during responsible disclosure, this is unexpectedly dismissive. We broke their protocol six ways. They updated it, thanks to our work,” Professor Paterson said on Twitter.

Source: https://portswigger.net/daily-swig/threema-disputes-crypto-flaws-disclosure-prompts-security-flap

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO