Academic researchers have discovered serious security holes in the core of Threema, an instant messenger that its Swiss-based developer claims provides a level of security and privacy it cannot provide "no other chat service. "
Despite the company's favorable claims (if you don't smoke your house) in two independent Threema security checks, the researchers report that the defects completely invalidate the assurances of confidentiality and control ID cards that are the cornerstone of any program that is supposed to provide end-to-end encryption, abbreviated E2EE from end-to-end encryption.
Η Threema αυτή την στιγμή έχει περισσότερους από 10 εκατομμύρια χρήστες, στους οποίους συμπεριλαμβάνονται η ελβετική κυβέρνηση, ο ελβετικός στρατός, ο Γερμανός καγκελάριος Olaf Scholz και άλλοι πολιτικοί από αυτή τη χώρα. Οι προγραμματιστές της Threema την διαφημίζουν ως μια πιο ασφαλή εναλλακτική λύση του WhatsApp Messenger της Meta. Είναι μεταξύ των κορυφαίων εφαρμογών του Android στην Ελβετία, τη Γερμανία, την Αυστρία, τον Καναδά και την Australia. The application uses a custom encryption protocol in violation of established cryptographic rules.
Researchers from the Zurich-based research university ETH reported on Monday that they found seven vulnerabilities in Threema that seriously question the real level of security the app has offered over the years.
Two of the vulnerabilities do not require special access to a server or the Threema app to impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server, and the remaining two can be exploited when an attacker gains access to an unlocked phone.
"Overall, our attacks seriously undermine Threema's security claims," the researchers report. "All attacks are patchable, but in some cases significant redesign is needed."
