
Threema claims encryption flaws never had a real-world impact
2023-01-11 19:04

Ultimately, Threema dismissed the importance of ETH Zurich's research, saying that the disclosed issues are no longer relevant to the protocol used by the software and never had any considerable real-world impact.

Cloning via Threema ID export - An attacker can clone other people's accounts onto their own device during windows of opportunity, such as the victim leaving their device unlocked and unattended.

Compression side-channel - A vulnerability in Threema's encryption allows attackers to extract a user's private key by controlling their own username and forcing multiple backups on Android devices.

On November 29, 2022, Threema released its new communication protocol, Ibex, which implements forward security for Threema's e2ee layer.

Threema released a statement on the disclosure of the issues, stating that, in terms of both current applicability and historic importance, the findings do not have considerable "real-world" impact.

Threema also dismisses the claims about the "Ibex" protocol being designed around the findings of the ETH Zurich team, as the protocol has been under development for 1.5 years already.


News URL

https://www.bleepingcomputer.com/news/security/threema-claims-encryption-flaws-never-had-a-real-world-impact/