
Chat Clients: Vulnerabilities in the Matrix SDK put end-to-end encryption at risk

The sending of encrypted messages with various messengers is at risk due to two critical vulnerabilities.

Several bugs have wormed their way into the Matrix Chat Protocol software development kit (SDK), leaving chat clients built with it vulnerable. Among other things, end-to-end encryption may be at risk from two vulnerabilities classified as "critical". Security updates are available. There have been no attacks so far.

A warning message states that the messengers Beeper, Cinny, Circuli, Element, SchildiChat and Synod.im, which were built with the vulnerable SDKs (matrix-js-sdk, matrix-android-sdk2), are at risk.

The Matrix developers emphasize that the critical vulnerabilities are implementation errors and not bugs in the Matrix protocol. The bugs are said to occur only in the first generation of the SDK. Clients such as FluffyChat, Hydrogen and Gomuks are not affected by the vulnerabilities. A security update is already available for Thunderbird. The mail client has optionally supported the Matrix protocol since version 102.

To exploit the vulnerabilities, however, attackers must already be server admins. If this is the case, they could target the authentication of devices and authenticate themselves in place of the device (CVE-2022-39250). They could also spoof senders of encrypted messages or steal message keys (CVE-2022-39251).

Security researchers from the University of London and the University of Sheffield provide further information on the security gaps and possible attacks in a report.
