An end-to-end encrypted chat app that collects almost no data and requires no personal information to sign up? Sounds like a dream come true for privacy enthusiasts. The only problem is that Threema, the Swiss privacy company behind the messenger in question, has been using an unreliable cryptographic protocol, whose bugs would have allowed a savvy hacker to access metadata related to users’ supposedly safe and secret convos. Yikes indeed.
Threema’s unfortunate security issues were discovered late last year by a Zurich computer science student and his two academic supervisors. After managing to successfully defeat the app’s defenses, the trio disclosed their findings, allowing the company to quietly update its protocols and patch the security gaps that would have allowed for the hypothetical attacks. This week, the researchers published those findings, revealing how the app’s previous cryptographic protocol definitely left something to be desired.
“In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models,” researchers write. “All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.”
Those theoretical attacks, which you can read about more extensively in the researchers’ paper, show a number of different methods to slide under Threema’s supposedly sturdy wall of encryption. You could say it’s pretty bad news for a company that bills itself as the “maximum security” app and that, until recently, claimed that its messenger was more secure than any other—including popular E2EE staple Signal.
It’s also potentially bad news for Threema’s customers. As researchers note, the highly regarded app has over 10 million regular users—including thousands of corporate customers and a number of especially “prominent users,” such as the “Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz.”
That said, Threema has partially disputed the feasibility of the attacks. In response to the findings, the company published a statement this week explaining that it didn’t necessarily view the recently discovered vulnerabilities as realistically applicable. “None of them [the security flaws] ever had any considerable real-world impact,” the company has claimed.
When reached for comment by Gizmodo, Threema spokesperson Julia Weiss clarified that the chat platform was now stepping up its security, including new external audits and a bug bounty program that offers a reward of up to 10,000 Swiss francs to “friendly hackers.” Weiss also said that Threema’s new protocol, “Ibex,” which replaced the old one, was “state-of-the art,” and had been “developed in cooperation with an external cryptographer.”
“It’s a reality in the software industry that bugs can never be ruled out completely and slip through even the strictest QA [quality assurances] processes,” said Weiss in an email. “This affects all applications and operating systems. That’s why we not only act proactively, but also pride ourselves on our ability to respond quickly to such situations.”
There’s no evidence that anyone ever used these attack methods to decrypt data or infiltrate conversations on Threema. That said, it’s still a good reminder that just because a platform offers end-to-end encryption doesn’t mean that your communications are necessarily safe. Though messengers may offer encryption, there’s pretty much always a way around such protections. Another recent incident, which involved the popular E2EE communication protocol Matrix, showed that the platform had serious software bugs that would have allowed conversations to be compromised.
Signal, to our knowledge, has never had a problem of this kind—but that doesn’t mean it couldn’t happen. As with anything involving the internet, a hack might not be likely, but it’s always possible.
ENCRYGMA.COM Offline “ Air Gapped” Super Encryption Mobile Machines & SuperEncrypted Cellular Phoness.
SuperEncrypted Communications: Ultra Encrypted Text Messaging with No Cellular or Internet Connection. No Servers. More Secure than a Face To Face Meeting.
WATCH THE VIDEO BELOW ⬇️
Cyber Defense Advisors ✅ WhatsApp/Telegram/Signal/Viber +372 5734 7873
info@DigitalBankVault.com or visit ENCRYGMA.com.
ENCRYGMA.COM Encryption Machines : The Highest Level of Cyber Defense for Secret Critical Data.
Mathematically Unbreakable Quantum Safe Encryption. Anti Interception. Anti Espionage. Anti Hacking. Anti Spyware . Anti Digital Forensic Data Extraction. Immune to Online Attacks.
PRIVACY IS LUXURY
SECRECY IS PRICELESS
Ultra Encrypted Communications
🇬🇧 CIPHER SYSTEMS & MOBILE ENCRYPTION MACHINES
Used by Billionaires, CEOs, VIPs, Celebs, Royals, WallStreet Sharks, Bitcoin Whales
The ENCRYGMA.COM Super Encryption Tech can’t be deciphered by any Governments, Cyber Authorities, Intelligence Agencies , Homeland Security or State Sponsored Hackers. #Blackberry #phantomsecure #EncryptedPhone #Encrochat #SkyECC #AnOm #cipherphone #encryptedphone
The ENCRYGMA.COM Encryption Machines can’t be penetrated by any type of Digital Forensic Extraction Tolls , they are immune to online and offline hacking and cyber attacks , spyware or malware infections.
If you need to communicate top classified information, transfer secret data or store sensitive files , you need an Anti Espionage and Anti Interception ENCRYGMA.COM Cipher Machine.
The ENCRYGMA.COM Cipher Machine is an above “Government Level”, Quantum Safe Encryption, mathematically uncrackable, no matter how much computational power is applied.
SECRECY IS PRICELESS
Offline “ Air Gapped” Super Encryption Mobile Machines & Ultra Encrypted Phones
Ultra Encrypted Text Messaging with No Cellular or Internet Connection. No Servers.
Encryption Keys generated offline by the user , never exchanged with third parties and erased permanently after each session.
More Secure than a Face To Face Meeting.
More details?
Consult with our
Cyber Defense Experts at : Info@DigitalBankVault.com
Visit us today at : https://www.digitalbank.capital
SECRECY IS PRICELESS
Offline “ Air Gapped” Super Encryption Mobile Machines.
SECRECY IS PRICELESS
Offline “ Air Gapped” Super Encryption Mobile Machines.
How it works ? Watch the video below 👇
Full technical details:
Cyber War Grade, Mathematically UnCrackable, Quantum Safe, Air Gapped (Offline) Encryption Machines More details ? Click here: ENCRYGMA.com .
“ If you need to communicate top classified information or you need to store secret data and be absolutely sure that no state-sponsored hackers, no foreign Governments , no intelligence agencies will be ever able to decipher the files, you need an Above Military Level Offline SuperEncryption System”
Visit us today at : https://www.digitalbank.capital/knox-encrypted-smartphone
ENCRYGMA.COM Cyber Defense Advisors ✅WhatsApp/Telegram/Signal/Viber +372 5734 7873
More details about our Military Encrypted iPhones , please visit : https://www.digitalbank.capital/encrygma
Cyber War Ultra Encrypted Communications.
More details? Consult with our cyber defense advisors at info@DigitalBankVault.com or visit ENCRYGMA.com
Visit us today at : https://www.digitalbank.capital/military-encrypted-cellphones
TAGS:
Blackberry,Phantom Secure,Encrochat, Sky ECC, An0M, Blackphone Privy, Kaymera, Silent Circle,Katim, Intactphone,KryptAll,Cipher Phone, Omerta Digital,Diamond Secure,Ano Phone,K-iPhone,Purism Librem 5, Solarin From Sirin Labs, Sirin Labs Finney U1,Bittium Tough Mobile 2C, Silent Circle Blackphone 2, Encrygma SuperEncrypted Phone, Encrygma.com, most secure encrypted phone, Encrygma, Encrypted Phones for Sale
#PegasusSpyware #Encrochat #CyberProtection #cipherphone #SKYECC #encryptedphone #encryption #Encrypt #hacking #interception #ESPIONAGE #securecommunication #spyware
are cell phones encrypted
encrypted cell phone
encrypted smartphone
secure encrypted phone
encrypted mobile phone
encrypted phone for sale
encrypted phone service
fully encrypted phone
crypt phone
crypto phones for sale
fully encrypted cell phone
how to get an encrypted phone
mobile phone encryption device
phone encrypted for security
phone is encrypted for security
mobile phone encryption security
what does android encryption do
what does it mean if your phone is encrypted
what is encrypt phone
what is encrypting your phone
your phone is encrypted for security
best encrypted mobile phone
best encrypted phone
encrypted android os
encrypted cell phone communication
encrypted mobile phone suppliers
how to encrypt android phone calls
secure cell phone service
secure phone system
what does encrypt device mean
what does encrypt phone mean
what does encrypting my phone do
what does encrypting my phone mean
what does it mean encrypted phone
what does it mean your phone is encrypted for security
what happens when you encrypt your android phone
what is the meaning of encryption in mobile phone
whats an encrypted phone
best encrypted cell phone
cell crypt app
cell phone secure line
cell phone security in cryptography
cellular voice encryption
encrypt your phone android
encrypted phone os
encrypted phone uk
encrypted smartphone 2023
how encrypt phone
how to encrypt cell phone calls
how to encrypt cell phone communications
how to encrypt mobile devices
how to encrypt phone
how to know if my phone is encrypted
is my device encrypted
mobile encryption meaning
mobile phone call encryption
what happens if i encrypt my android phone
your phone is encrypted for security samsung
android decrypt data
android encryption
android encryption policy
android hardware encryption
android turn off encryption
app to encrypt android phone
aquarius encrypted mobile phone
are samsung phones encrypted
best cell phone for privacy
can i encrypt my android phone
cipher phone australia
cipher phone review
cipher phone specs
data encryption for android
does android encrypt data
encro phone for sale
how to encrypt apps on android
how to encrypt my android phone
how to encrypt my phone
how to encrypt phone calls iphone
how to encrypt your android phone
how to make a secure cell phone call
how to unlock an encrypted phone
iphone voice encryption
kryptall iphone for sale
kryptall phone cost
kryptall phone for sale
mobile device data encryption
mobile encryption app
mobile phone encryption software
most encrypted cell phone
most encrypted phone
ecure encrypted voip
secure voip iphone
securephone
should i encrypt my android tablet
should i encrypt phone
update encrypted android
what does encrypt by default mean
what is hardware encryption in android
your device is encrypted for security
best phone encryption software
best secure mobile phone in the world
black phone private os
buy encrochat phone
can an encrypted phone be tracked
can encrypted phone be hacked
cellcrypt download
cellcrypt inc
cellcrypt ltd
crypt app
crypt com
cypher phone australia
decrypt device android
decrypt my phone
device encryption
does encrypting phone slow it down
encrochat phone price
encrypt a file android
encrypt android tablet
encrypted file system android
encrypted group calls
encrypted mobile phone manufacturers
encrypted nokia phones
encrypted phone call app
encrypted phone number app
encrypted voice call app
encryption manager android
encryption of data storage on device
encryption settings
end to end encryption phone call
how to encrypt android tablet
how to encrypt files on android phone
how to encrypt iphone calls
how to encrypt note 2
how to encrypt note 5
how to encrypt phone calls on iphone
how to encrypt samsung phone
how to encrypt your android phone or tablet
how to encrypt your phone
how to make encrypted calls
how to secure a cell phone line
how to secure a phone line
how to secure phone calls
k iphone price
kryptall phone price
military encryption software for mobile phones
mobile encryption and decryption
mobile phone cipher
most private cell phone
most safest mobile phones
most secure cell phone carrier
most secure cell phone in the world
most secure phone
most secure phone on the market
most secure smart phones
most secure smartphone
most unhackable phone
secure id phone calls
secure mobile phones in india
secure phone calls iphone
secure phone line
secure smart phones
secure smartphone os
secure telephone
secure telephone service
secure voice
secure voice communication
secure voice conferencing
secure voip app iphone
should i encrypt my tablet
should you encrypt your smartphone
smartphone security hardware
super secure phone
the most secure smartphone
turn on encryption android
voice encryption
voip encryption software
what is encrypt device in samsung
what is the most secure mobile phone platform
best cell phone for law enforcement
best cell phone security
best phone for hacking
bureau of investigation
call scrambler app
calling cipher
can a flip phone be hacked
can a non smartphone be hacked
can cops hack your iphone
can cops hack your phone
can flip phones be tapped
can my blackberry be hacked
can police get into an iphone
can the government hack your phone
can the police hack your phone
cell phone data security
cell phone signal encryption
cell secure contact details
cellcrypt
chiffrement android
chiffrer android
cipher chat no internet connection
cipher ios
ciphr phone samsung
com lge sdencryption
communication security group
convert to file encryption android n
cryptic phone
crypto phones prices
cryptophone app
cryptophone australia
cryptophone ebay
military grade encryption phone
military secure phone
mobile cryptography
mobile data encryption techniques
mobile encryption techniques
mobile phone privacy laws
mobilecrypt
most private mobile phone
most safe android phone
most secure android os
most secure android phone
Comments