Encrypted Chat App Threema Full of Hackable Bugs: Study

An end-to-end encrypted chat app that collects almost no data and requires no personal information to sign up? Sounds like a dream come true for privacy enthusiasts. The only problem is that Threema, the Swiss privacy company behind the messenger in question, has been using an unreliable cryptographic protocol, whose bugs would have allowed a savvy hacker to access metadata related to users’ supposedly safe and secret convos. Yikes indeed.

Threema’s unfortunate security issues were discovered late last year by a Zurich computer science student and his two academic supervisors. After managing to successfully defeat the app’s defenses, the trio disclosed their findings, allowing the company to quietly update its protocols and patch the security gaps that would have allowed for the hypothetical attacks. This week, the researchers published those findings, revealing how the app’s previous cryptographic protocol definitely left something to be desired.

“In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models,” researchers write. “All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.”

Those theoretical attacks, which you can read about more extensively in the researchers’ paper, show a number of different methods to slide under Threema’s supposedly sturdy wall of encryption. You could say it’s pretty bad news for a company that bills itself as the “maximum security” app and that, until recently, claimed that its messenger was more secure than any other—including popular E2EE staple Signal.

It’s also potentially bad news for Threema’s customers. As researchers note, the highly regarded app has over 10 million regular users—including thousands of corporate customers and a number of especially “prominent users,” such as the “Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz.”

G/O Media may get a commission

Up to $100 credit

Samsung Reserve

Reserve the next gen Samsung device
All you need to do is sign up with your email and boom: credit for your preorder on a new Samsung device.

That said, Threema has partially disputed the feasibility of the attacks. In response to the findings, the company published a statement this week explaining that it didn’t necessarily view the recently discovered vulnerabilities as realistically applicable. “None of them [the security flaws] ever had any considerable real-world impact,” the company has claimed.

When reached for comment by Gizmodo, Threema spokesperson Julia Weiss clarified that the chat platform was now stepping up its security, including new external audits and a bug bounty program that offers a reward of up to 10,000 Swiss francs to “friendly hackers.” Weiss also said that Threema’s new protocol, “Ibex,” which replaced the old one, was “state-of-the art,” and had been “developed in cooperation with an external cryptographer.”

“It’s a reality in the software industry that bugs can never be ruled out completely and slip through even the strictest QA [quality assurances] processes,” said Weiss in an email. “This affects all applications and operating systems. That’s why we not only act proactively, but also pride ourselves on our ability to respond quickly to such situations.”

There’s no evidence that anyone ever used these attack methods to decrypt data or infiltrate conversations on Threema. That said, it’s still a good reminder that just because a platform offers end-to-end encryption doesn’t mean that your communications are necessarily safe. Though messengers may offer encryption, there’s pretty much always a way around such protections. Another recent incident, which involved the popular E2EE communication protocol Matrix, showed that the platform had serious software bugs that would have allowed conversations to be compromised.

Signal, to our knowledge, has never had a problem of this kind—but that doesn’t mean it couldn’t happen. As with anything involving the internet, a hack might not be likely, but it’s always possible.

An end-to-end encrypted chat app that collects almost no data and requires no personal information to sign up? Sounds like a dream come true for privacy enthusiasts. The only problem is that Threema, the Swiss privacy company behind the messenger in question, has been using an unreliable cryptographic protocol, whose bugs would have allowed a savvy hacker to access metadata related to users’ supposedly safe and secret convos. Yikes indeed.

Threema’s unfortunate security issues were discovered late last year by a Zurich computer science student and his two academic supervisors. After managing to successfully defeat the app’s defenses, the trio disclosed their findings, allowing the company to quietly update its protocols and patch the security gaps that would have allowed for the hypothetical attacks. This week, the researchers published those findings, revealing how the app’s previous cryptographic protocol definitely left something to be desired.

“In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models,” researchers write. “All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.”

Those theoretical attacks, which you can read about more extensively in the researchers’ paper, show a number of different methods to slide under Threema’s supposedly sturdy wall of encryption. You could say it’s pretty bad news for a company that bills itself as the “maximum security” app and that, until recently, claimed that its messenger was more secure than any other—including popular E2EE staple Signal.

It’s also potentially bad news for Threema’s customers. As researchers note, the highly regarded app has over 10 million regular users—including thousands of corporate customers and a number of especially “prominent users,” such as the “Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz.”

G/O Media may get a commission

Up to $100 credit

Samsung Reserve

Reserve the next gen Samsung device
All you need to do is sign up with your email and boom: credit for your preorder on a new Samsung device.

That said, Threema has partially disputed the feasibility of the attacks. In response to the findings, the company published a statement this week explaining that it didn’t necessarily view the recently discovered vulnerabilities as realistically applicable. “None of them [the security flaws] ever had any considerable real-world impact,” the company has claimed.

When reached for comment by Gizmodo, Threema spokesperson Julia Weiss clarified that the chat platform was now stepping up its security, including new external audits and a bug bounty program that offers a reward of up to 10,000 Swiss francs to “friendly hackers.” Weiss also said that Threema’s new protocol, “Ibex,” which replaced the old one, was “state-of-the art,” and had been “developed in cooperation with an external cryptographer.”

“It’s a reality in the software industry that bugs can never be ruled out completely and slip through even the strictest QA [quality assurances] processes,” said Weiss in an email. “This affects all applications and operating systems. That’s why we not only act proactively, but also pride ourselves on our ability to respond quickly to such situations.”

There’s no evidence that anyone ever used these attack methods to decrypt data or infiltrate conversations on Threema. That said, it’s still a good reminder that just because a platform offers end-to-end encryption doesn’t mean that your communications are necessarily safe. Though messengers may offer encryption, there’s pretty much always a way around such protections. Another recent incident, which involved the popular E2EE communication protocol Matrix, showed that the platform had serious software bugs that would have allowed conversations to be compromised.

Signal, to our knowledge, has never had a problem of this kind—but that doesn’t mean it couldn’t happen. As with anything involving the internet, a hack might not be likely, but it’s always possible.