[Nulled] » Information security » OSINT » 📱Weaknesses with fundamental security problems have been discovered in the super-duper protected messenger "Threema"
January 26 2023

📱Weaknesses with fundamental security problems have been discovered

📱Weaknesses with fundamental security problems have been discovered in the super-duper protected messenger "Threema" — audit of researchers at the University of🇨🇭ETH Zurich

Preferred by the Swiss government and the army, the Threema app with the loud slogan "Secure. Anonymous.Trusted by millions" turned out not to be as safe as it was originally supposed to be. A group of scientists from the reputable Swiss Federal Institute of Technology in Zurich (🇨🇭ETH Zurich), specializing in cryptography and mathematics, found out that due to fundamental security problems in the Threema application, potential attackers can clone accounts using 7 different attack options, read user messages, steal users' private keys, get contacts from the phone books and even produce compromising materials for the purpose of blackmail.

1️⃣ C2S Ephemeral Key Compromise attack
2️⃣ Vouch Box Forgery attack
3️⃣ Message Reordering and Deletion attack
4️⃣ Message Replay and Reflection attack
5️⃣ Kompromat attack
6️⃣ Cloning via Threema ID Export attack
7️⃣ Session Side-Channel attack

Three ETH Zurich researchers Kenneth Paterson, Matteo Scarlata and Kien Tuong Truong noted that they initially reported their findings to Threema in October 2022 so that they would promptly eliminate vulnerabilities, and then agreed to make the problems public on January 9, 2023, but the company preemptively, knowing about critical problems, publicly announced a new "the protected "Ibex" protocol in November 2022, which "no longer looks like the old one", trying to focus on novelty and the absence of fundamental security problems.

"Last year, a student of the Faculty of Computer Science at ETH Zurich wrote a master's thesis on the Threema protocol. Now the university has published his work in the form of an article. However, the research work is based on an old protocol that is no longer in use. The presented conclusions are not applicable to the current Threema "Ibex" communication protocol, - marketers of the secure messenger company cleverly played solitaire.

🤦♂️"Threema's statement is misleading. It is very annoying to see that they have depicted the current situation in this way," commented Kenneth Paterson, a doctor of computer science from ETH Zurich. (English: Threema's statement "is extremely misleading)

"On the other hand, the seven attacks we have presented highlight several fundamental weaknesses in the design of Threema. Indeed, the Threema protocols lack basic properties that are now considered de rigueur for a messenger app to be regarded as secure: forward secrecy with respect to a malicious server, and protection against replay, reflection, and reordering attacks," Swiss researchers summarize the Threema audit.

It is known that Threema has gained particular popularity among the Swiss military, who were forcibly obliged to switch to Threema in order to avoid surveillance by foreign countries. The app has more than 10 million users and 7,000 customers, including German Chancellor Olaf Scholz.

Warning! You are not allowed to view this text.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 26 January 2023 11:20
  • Publication category(s): Information security»,OSINT
  • Number of views of the publication: 269
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
It's no secret that the

It's no secret that the Swiss messenger Threema is very popular and has been used mainly for more than 10 years as

Read more
16 January 2023
Information security
A group of researchers

A group of researchers from Texas A&M University, Temple University, the New Jersey Institute of Technology,

Read more
16 January 2023
Information security
Red Balloon Security

Red Balloon Security researchers have discovered a potentially serious unpatched vulnerability affecting many

Read more
23 January 2023
Information security
Datadog, specializing in

Datadog, specializing in cloud security, reports that it has become a conditional victim of a recent incident with

Read more
17 January 2023
Open Source
Databag

Databag An independent federated lightweight messenger for a decentralized network.

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    November 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
252627282930 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +15 Total articles 6747
  • +12 Comments 4077
  • +23 Users : 5841