An analysis of the cryptographic protocols of the anonymous messenger Threema revealed several vulnerabilities that can be used to bypass authentication protection and recover users' private keys.
Threema is an encrypted messaging app with over 11 million users. According to ETH Zurich experts, flaws in the cryptographic protocol allow a hacker to:
- impersonate a legitimate user;
- change the order of messages in the dialog;
- clone the victim's account;
- use the backup recovery mechanism to obtain the user's private key;
- discreetly access future messages of users without their knowledge;
- access Threema servers to replay old messages (this happens when the user reinstalls the app or changes devices).
In addition, a cybercriminal can carry out an attack in which the attacker's server tricks the client into "encrypting a message of the server's choice that can be delivered to another user."
According to Threema, the results of the analysis are interesting from a theoretical point of view, but they did not have a significant impact on the real world. The results rest on broad and unrealistic assumptions that could themselves have far more serious implications than the experts' conclusions.
Researchers reported the problem to Threema, and within a few weeks the company released a new communication protocol called Ibex that fixes the flaw.