The ‘Bridgefy’ Messaging App Is Unfit for Purpose and Vulnerable to MITM

• Researchers warn about a host of privacy-risking flaws that plague the Bridgefy messaging app.
• The encryption scheme used in Bridgefy was practically deprecated over two decades ago, in 1998.
• Bridgefy proved unable to fix the reported flaws until the disclosure time comes, and this remains the case.

A team of researchers from the University of London is warning the world about Bridgefy and why the end-to-end encrypted communications application is overly unfit for use in risky situations, such as public protests. The researchers tested the app to see how well it protects user privacy, anonymity, and communication content - and unfortunately, for those who trust it, the test results aren’t positive.

As they verified, it is possible for an adversary to produce social graphs about other users, impersonate someone else, read other people’s messages, and shut down the entire network with a maliciously crafted message.

Right now, there are large-scale protests taking place in the United States, Iran, Israel, Belarus, France, Hong Kong, and various other places in the world. This creates the need for apps like Bridgefy to communicate with like-minded individuals, coordinate their protesting activity, and exchange information - all with the hope that they’re not risking their identity.

Bridgefy can send messages over Bluetooth, reaching out to the members of a mesh network, typically fellow protesters marching on the street. The connections are based on the exchange of public keys for verification, and the content is RSA-encrypted.

But here’s the problem with Bridgefy. Until December 2019, it required users to register using a phone number, and while this was pushed to being an optional path now, it’s still there. This little detail can expose the identities of protesters. Secondly, there is no cryptographic authentication like there is on Keybase, for example, so anyone can impersonate any user. Thirdly, two people that have been in range before don’t exchange new handshake keys when they’re back in range again, making it possible to conduct historical tracing.

Finally, it is possible to breach Bridgefy’s encryption scheme because it is practically simplistic and outdated, using what is known as a “padding oracle attack.” In addition to this, any images sent through the app aren’t encrypted at all.

The researchers mention that they informed Bridgefy’s developers of all the above, offering PoCs and details on April 27, 2020. The app creators acknowledged the reception, and soon, they started informing the users of the current app version that there can be no confidentiality guarantees on it.

In July, they informed the researchers that they’re planning to switch to the Signal cryptographic SDK, so as to address most of their app’s problems. At the time of the disclosure, Bridgefy is still vulnerable to the above flaws, and they have not managed to push updates that address them effectively.

Read More:

• End-to-End Encryption for Google Messages Is Apparently on the Way
• Zoom Decides to Make End-to-End Encryption Available to Everyone
• “Encrochat” Says Europol Took Control of Its Infrastructure