Real World Crypto 2021 - Session 2: Group Messaging
Bridgefy is a mesh-networked offline messaging app based on Bluetooth (Classic or BLE). Despite not being designed for use in a protest setting, that is how it has been adopted, e.g. in BLM protests and democracy protests in Hong Kong.
Analysis required reverse-engineering the Android app. This revealed numerous poor design decisions. Oops, it used RSA with PKCS#1 v1.5 padding (deprecated) in ECB fashion. When combined with Gzip, a padding oracle was available, allowing a Bleichenbacher attack with 2^17 messages. Also, users' social graphs can be extracted, and log-ins MITMed.
The attacks were verified using Frida.
Open questions: can security even be achieved in the mesh setting? And what security needs do protesters have?
Various similarities to Key Transparency / CONIKS / Keybase for identity
PCS = Post-compromise security
- how a multi-participant messaging protocol recovers after an attacker gains one of the encryption keys
The IETF is working in this area, defining MLS (Messaging Layer Security).
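An added illustration of post-compromise security (not from the talk, and not the MLS key schedule): a toy epoch-secret chain in which an attacker who steals one epoch secret can follow a plain hash ratchet indefinitely, but loses access once a member mixes in fresh randomness. The function names, and the assumption that the fresh value reaches the other members under keys the attacker does not hold, are this example's own.

```python
import hashlib
import hmac
import secrets

ZERO = bytes(32)  # stands for "no fresh entropy in this epoch"


def next_epoch(epoch_secret: bytes, commit_secret: bytes = ZERO) -> bytes:
    """HKDF-Extract-style step: old epoch secret as salt, fresh input as key material."""
    return hmac.new(epoch_secret, commit_secret, hashlib.sha256).digest()


def run_group(epochs: int, update_epochs: set) -> list:
    """Return the group's epoch secrets; members inject randomness at update_epochs."""
    chain = [secrets.token_bytes(32)]
    for epoch in range(1, epochs):
        fresh = secrets.token_bytes(32) if epoch in update_epochs else ZERO
        chain.append(next_epoch(chain[-1], fresh))
    return chain


def attacker_view(chain: list, compromised_epoch: int) -> list:
    """Epochs whose secret an attacker can compute from one stolen epoch secret.

    Assumption: the attacker knows the derivation and all public inputs, but not
    the fresh randomness of updates made after the compromise.
    """
    known = chain[compromised_epoch]
    readable = [compromised_epoch]
    for epoch in range(compromised_epoch + 1, len(chain)):
        known = next_epoch(known)  # ratchet forward using public inputs only
        if hmac.compare_digest(known, chain[epoch]):
            readable.append(epoch)
    return readable


if __name__ == "__main__":
    print("hash ratchet only :", attacker_view(run_group(6, set()), 1))
    print("update at epoch 3 :", attacker_view(run_group(6, {3}), 1))
```

An update that happened at or before the stolen epoch gives no healing, since its randomness is already folded into the secret the attacker holds.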