Swiss Army's Threema messaging app was full of holes – at least seven
At least the penknives are still secure
A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by ETH Zurich researchers.
The university's applied cryptography group this week published research [PDF] detailing seven vulnerabilities in Threema's home-grown cryptographic protocols. The vulnerabilities, if exploited, could have allowed miscreants to clone accounts and read their messages, as well as steal private keys and contacts and even manufacture compromising material for blackmail purposes.
While the Switzerland-based app – which bills itself as a more-secure and non-US-based alternative to WhatsApp – isn't as widely used as Signal or Telegram, its data centers are located in Alpine territory. That makes it a popular messaging app for users – like the Swiss army – who want to avoid potential snooping from overseas governments. It boasts more than ten million users and 7,000 on-premise customers – including German chancellor Olaf Scholz.
Threema downplayed the bugs in a blog post about the research. The vulnerabilities were found in a protocol that Threema no longer uses, and while the bugs may be "interesting from a theoretical standpoint, none of them ever had any considerable real-world impact," according to the post.
Here's more of the Swiss company's statement:
Last year, a student at the Department of Computer Science at ETH Zurich wrote his master's thesis on Threema's communication protocol. The university has now published his work as a paper/preprint. However, the paper is based on an old protocol that is no longer in use. The presented findings do not apply to Threema's current communication protocol "Ibex" or have already been addressed. None of them ever had any considerable real-world impact.
The three researchers – computer science professor Kenneth Paterson and PhD students Matteo Scarlata and Kien Tuong Truong – noted on a website about the Threema security flaws that they originally disclosed their findings to the company in October 2022, and later agreed on a January 9 public disclosure date.
Threema released its Ibex protocol in late November "to further mitigate our attacks," and the researchers noted they have not audited this new protocol, which was released after their investigation. They do, however, "believe that all of the vulnerabilities we discovered have been mitigated by Threema's recent patches," the researchers wrote.
In an email to The Register, Paterson noted that the old protocol "was only updated to the 'new' version because of our research."
Threema's statement "is extremely misleading," he added. "It's very disappointing that they portrayed the current situation in this highly misleading way."
While the researchers concede these specific bugs no longer pose a threat to Threema customers, their discovery still highlights the difficulty in assessing "security claims made by developers of applications that rely on bespoke cryptographic protocols."
"Ideally, any application using novel cryptographic protocols should come with its own formal security analyses (in the form of security proofs) in order to provide strong security assurances," they added. "Such an analysis can help to reduce uncertainty about whether further serious cryptographic vulnerabilities still exist in Threema." ®