Swiss Army’s Threema messaging app was full of holes – at least seven

A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by ETH Zurich researchers.

The university’s applied cryptography group this week published research [PDF] detailing seven vulnerabilities in Threema’s home-grown cryptographic protocols. The vulnerabilities, if exploited, could have allowed miscreants to clone accounts and read their messages, as well as steal private keys and contacts and even manufacture compromising material for blackmail purposes. 

While the Switzerland-based app – which bills itself as a more-secure and non-US-based alternative to WhatsApp – isn’t as widely used as Signal or Telegram, its data centers are located in Alpine territory. That makes it a popular messaging app for users – like the Swiss army – who want to avoid potential snooping from overseas governments. It boasts more than ten million users and 7,000 on-premise customers – including German chancellor Olaf Scholz.

Threema downplayed the bugs in a blog post about the research. The vulnerabilities were found in a protocol that Threema no longer uses, and while the bugs may be “interesting from a theoretical standpoint, none of them ever had any considerable real-world impact,” according to the post.

Here’s more of the Swiss company’s statement:

The three researchers – computer science professor Kenneth Paterson and PhD students Matteo Scarlata and Kien Tuong Truong – noted on a website about the Threema security flaws that they originally disclosed their findings to the company in October 2022, and later agreed on a January 9 public disclosure date.

Threema released its Ibex protocol in late November “to further mitigate our attacks,” and the researchers noted they have not audited this new protocol, which was released after their investigation. They do, however, “believe that all of the vulnerabilities we discovered have been mitigated by Threema’s recent patches,” the researchers wrote. 

In an email to The Register, Paterson noted that the old protocol “was only updated to the ‘new’ version because of our research.”

Threema’s statement “is extremely misleading,” he added. “It’s very disappointing that they portrayed the current situation in this highly misleading way.”

While the researchers concede these specific bugs no longer pose a threat to Threema customers, their discovery still highlights the difficulty in assessing “security claims made by developers of applications that rely on bespoke cryptographic protocols.” 

“Ideally, any application using novel cryptographic protocols should come with its own formal security analyses (in the form of security proofs) in order to provide strong security assurances,” they added. “Such an analysis can help to reduce uncertainty about whether further serious cryptographic vulnerabilities still exist in Threema.” ®