A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by ETH Zurich researchers.

The university's applied cryptography group this week published research detailing seven vulnerabilities in Threema's home-grown cryptographic protocols. The vulnerabilities, if exploited, could have allowed miscreants to clone accounts and read their messages, as well as steal private keys and contacts and even manufacture compromising material for blackmail purposes.

While the Switzerland-based app – which bills itself as a more-secure and non-US-based alternative to WhatsApp – isn't as widely used as Signal or Telegram, its data centers are located in Alpine territory. That makes it a popular messaging app for users – like the Swiss army – who want to avoid potential snooping from overseas governments. It boasts more than ten million users and 7,000 on-premise customers – including German chancellor Olaf Scholz.

"Last year, a student at the Department of Computer Science at ETH Zurich wrote his master's thesis on Threema's communication protocol. The university has now published his work as a paper/preprint. However, the paper is based on an old protocol that is no longer in use. The presented findings do not apply to Threema's current communication protocol 'Ibex' or have already been addressed. None of them ever had any considerable real-world impact."

The three researchers – computer science professor Kenneth Paterson and PhD students Matteo Scarlata and Kien Tuong Truong – noted on a website about the Threema security flaws that they originally disclosed their finding to the company in October 2022, and later agreed on a January 9 public disclosure date.

Threema released its Ibex protocol in late November "to further mitigate our attacks," and the researchers noted they have not audited this new protocol, which was released after their investigation.