Threema security loopholes in encryption policy implementation

Academic researchers have discovered serious security holes in the core of Threema, an instant messenger that its Swiss-based developer claims provides a level of security and privacy that "no other chat service" can offer.

Despite the company's favorable claims (if you don't praise your own house...) and two independent security audits of Threema, the researchers report that the flaws completely invalidate the confidentiality and authentication assurances that are the cornerstone of any program that purports to provide end-to-end encryption, or E2EE for short.

Threema currently has more than 10 million users, including the Swiss government, the Swiss military, German Chancellor Olaf Scholz and other politicians from that country. Threema's developers tout it as a more secure alternative to Meta's WhatsApp Messenger. It is among the top Android apps in Switzerland, Germany, Austria, Canada and Australia. The application uses a custom encryption protocol in violation of established cryptographic rules.

Researchers from the Zurich-based research university ETH reported on Monday that they found seven vulnerabilities in Threema that call into serious question the real level of security the app has offered over the years.

Two of the vulnerabilities do not require special access to a server or the Threema app to impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server, and the remaining two can be exploited when an attacker gains access to an unlocked phone.

"Overall, our attacks seriously undermine Threema's security claims," the researchers report. "All attacks are patchable, but in some cases significant redesign is needed."

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
