HomeTech NewsCybersecurityChat Clients: Vulnerabilities in the Matrix SDK put end-to-end encryption at risk

Chat Clients: Vulnerabilities in the Matrix SDK put end-to-end encryption at risk

Published on

- Advertisement -

The sending of encrypted messages with various messengers is at risk due to two critical vulnerabilities.

Several bugs have wormed their way into the Matrix Chat Protocol software development kit (SDK), leaving chat clients built with it vulnerable. Among other things, the end-to-end encryption should be protected by two critical“ classified vulnerabilities may be at risk. Security updates are available. There have been no attacks so far.

A warning message states that the messengers Beeper, Cinny, Circuli, Element, SchildiChat and Synod.im created with the vulnerable SDK (matrix-js-sdk, matrix-andorid-sdk2) are threatened.

- Advertisement -

The Matrix developers emphasize that the critical vulnerabilities are implementation errors and not bugs in the Matrix protocol. The bugs should only occur in the first generation of the SDK. Clients such as FluffyChat, Hydrogen and Gomuks are not affected by the vulnerabilities. A security update is already available for Thunderbird. The mail client supports the Matrix protocol as an option since version 102.

In order to be able to attack the gaps, however, attackers must already be server admins. If this is the case, they could start with the authentication of devices and authenticate themselves instead of the device (CVE-2022-39250). They could also spoof senders of encrypted messages or steal message keys (CVE-2022-39251).

Security researchers from the University of London and the University of Sheffield provide further information on the security gaps and possible attacks in a report.

- Advertisement -

- Advertisement -

Latest articles

Across Europe, a lot of women turn to Danish sperm to get pregnant. Here’s why

With her biological clock ticking louder and louder, and a partner whose wish for...

Elder Scrolls Online Scribes of Fate Recensione: due ottimi nuovi dungeon

Ombra su Morrowind si apre con un duetto di dungeon impegnativo e affascinante: li...

More like this