'Maximum Security' app claimed to be better than Signal found full of cryptographic bugs
January 12, 2023 By Raulf Hernes
(Image Credit Google)
An end-to-end encrypted chat app that requires no personal information and collects almost no data? For privacy enthusiasts, this makes it sound like a dream come true. The messenger in question was using an untrustworthy cryptographic protocol, the bugs which would have allowed a skilled hacker to get metadata related to users' ostensibly secure and private conversations. After researchers discovered security flaws, Swiss privacy firm Threema quietly revised its protocols and patched them.
Theoretical attacks against the app's encryption have been demonstrated by researchers, along with proofs-of-concept demonstrating their feasibility in practice. It's terrible news for a company that serves itself as the "most secure" app and claims its messenger is the most secure of any.
[caption id="attachment_81017" align="aligncenter" width="850"]
Threema[/caption]
This could be bad news for app users, including the Swiss government and the Swiss Army. The company has disputed the attacks' feasibility, claiming they had no real-world impact.
Also Read: Amazon will fire more than 17,000 employees
The company claims its new protocol, "Ibex," replaced the old one, is "state-of-the-art," and had been "formed in cooperation with an external cryptographer".
Although there is no proof that these hacking attempts were effective, it serves as an example that not all encryption is completely secure. A hack, like anything else involving the internet, is unlikely but not impossible.