Security Analysis of Threema
2023-01-19 12:21

A group of Swiss researchers have published an impressive security analysis of Threema.

We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

We present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols.

As another, we demonstrate a compression-based side-channel attack that recovers users' long-term private keys through observation of the size of Threema encrypted back-ups.

In a web post, Threema officials said the vulnerabilities applied to an old protocol that's no longer in use.

Left out of the statement is that the protocol the researchers analyzed is old because they disclosed the vulnerabilities to Threema, and Threema updated it.


News URL

https://www.schneier.com/blog/archives/2023/01/security-analysis-of-threema.html