Threema security loopholes in encryption policy implementation

Ακαδημαϊκοί ερευνητές ανακάλυψαν σοβαρά κενά ασφαλείας στον πυρήνα του Threema, ενός instant messenger που ο προγραμματιστής του με έδρα την Ελβετία ισχυρίζεται ότι παρέχει ένα επίπεδο ασφάλειας και απορρήτου που δεν μπορεί να παρέχει “no other chat service. "threem

Despite the company's favorable claims (if you don't smoke your house) in two independent Threema security checks, the researchers report that the flaws completely invalidate the confidentiality and authentication assurances that are the cornerstone of any program that purports to provide end-to-end encryption, E2EE short for end-to-end encryption.

Threema currently has more than 10 million users, including the Swiss government, the Swiss military, German Chancellor Olaf Scholz and other politicians from that country. Threema's developers tout it as a more secure alternative to Meta's WhatsApp Messenger. It is among the top Android apps in Switzerland, Germany, Austria, Canada and Australia. The application uses a custom encryption protocol in violation of established cryptographic rules.

Researchers from the Zurich-based research university ETH reported on Monday that they found seven vulnerabilities in Threema that seriously question the real level of security the app has offered over the years.

Two of the vulnerabilities do not require special access to a server or the Threema app to impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server, and the remaining two can be exploited when an attacker gains access to an unlocked phone.

"Overall, our attacks seriously undermine Threema's security claims," ​​the researchers report. "All attacks are patchable, but in some cases significant redesign is needed." The Best Technology Site in Greece
Follow us on Google News

threema, threema download

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).