‘Protest app’ Bridgefy is full of flaws that threaten users everywhere


Demonstrations in Belarus over the re-election of Alexander Lukashenko are just one of the mass protests in which Bridgefy is being promoted.

SERGEI GAPON / AFP via Getty Images

The rise of mass protests over the past year – in Hong Kong, India, Iran, Lebanon, Zimbabwe and the US – has posed a major challenge to activists. How do you communicate with each other when internet connections are severely congested or completely shut down, while keeping your identity and conversations private?

One heavily promoted solution is Bridgefy, a messaging app that has the financial and marketing backing of Twitter co-founder Biz Stone and may have more than 1.7 million installations. By routing over Bluetooth and a mesh network, Bridgefy lets users within a few hundred meters of each other, and much further as long as there are intermediate nodes, send and receive both direct and group texts without relying on the Internet.

Bridgefy co-founder and CEO Jorge Ríos said he originally proposed the app as a way for people to communicate in rural areas or other places where internet connections were scarce. With the past year's rise of large-scale protests around the world, often in places with hostile or authoritarian governments, company representatives began telling journalists that the app's use of end-to-end encryption (repeated here, here and here) protected activists against governments and opponents trying to intercept texts or block communication.

From a Bridgefy video promoting the app as suitable for protests.

In recent months, the company has continued to hold the app out as a safe and reliable way for activists to communicate in large gatherings. Bridgefy’s tweets mention protesters in Belarus, India, and Zimbabwe, not to mention the Black Lives Matter protests in the US. The company has also said that its software developer kit can be used to build COVID-19 contact tracing apps.

Just this month, on August 10, this article quoted Bridgefy co-founder and CEO Jorge Ríos as saying, “Last year we became the protest app.” Until last week, Bridgefy told Android users via the Google Play Store: “Don’t worry! Your messages are safe and cannot be read by these people in the middle.” The company encourages iOS users to have “safe and private conversations” with the app.

But now researchers are disclosing a litany of recently uncovered flaws and shortcomings that show that almost every claim of anonymity, privacy and reliability is false.

Unsafe at any speed

In a paper published on Monday, the researchers said that the app’s design for use at concerts, sporting events and natural disasters makes it clearly unsuitable for more threatening settings such as mass protests. They wrote:

Although it is advertised as “safe” and “private” and its creators claim that it was secured by end-to-end encryption, none of the aforementioned use cases can be considered as taking place in adversarial environments, such as situations of civil unrest where attempts to undermine the security of the application are not only possible but to be expected, and where such attacks can have dire consequences for their users. Despite this, the Bridgefy developers are advertising the app for such scenarios and media reports suggest that the application is indeed trusted.

The researchers are Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they developed a series of devastating attacks that allow hackers, in many cases with only modest resources and moderate skill levels, to take hostile actions against users. The attacks can:

  • deanonymize users
  • build social graphs of user interactions, both in real time and after the fact
  • decrypt and read instant messages
  • impersonate users to everyone else on the network
  • shut down the network completely
  • perform active man-in-the-middle attacks that allow an opponent not only to read messages but also to tamper with them

Impersonation, MitMs, and more

A major shortcoming that makes many of these attacks possible is that Bridgefy does not provide a means of cryptographic authentication, which one person uses to prove that she is who she claims to be. Instead, the app relies on a user ID that is sent in plain text to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user.

With no effective way to authenticate, any user can impersonate any other user, as long as the attacker has come into contact with that user at least once (whether one-on-one or in network-wide broadcast messages). This allows the attacker to pose as a trusted contact and trick a person into disclosing personal names or other confidential information, or into taking harmful actions. The lack of authentication can also lead to eavesdropping on or tampering with messages.

Here’s how: When hypothetical Bridgefy user Ursula messages Ivan, she uses Ivan’s public key to encrypt the message. Ivan then uses his private key to decrypt the message. With no cryptographic means to verify a user’s identity, an attacker (say, someone named Eve) can impersonate Ivan and present her own public key to Ursula. From then on, Eve can intercept and read all the messages that Ursula sends to Ivan. To tamper with the messages that Ursula or Ivan send, Eve impersonates each party to the other. This allows Eve to intercept the messages each one sends and change the content or add malicious attachments before sending them on to the other party.
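The missing check, sketched as an added example (not Bridgefy's code and not taken from the paper): a client that pins a contact's key fingerprint after confirming it out of band can tell when the same plaintext user ID later arrives with a different key. The class, function names, user ID and key bytes are hypothetical, constructed values.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Short, human-comparable digest of a public key (hex SHA-256, grouped)."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class ContactPins:
    """Binds each plaintext user ID to the key fingerprint the user confirmed."""

    def __init__(self):
        self._pins = {}  # user_id -> pinned fingerprint

    def confirm(self, user_id: str, public_key: bytes, read_aloud: str) -> bool:
        """Pin a key only if it matches the fingerprint the contact read out in person."""
        if not hmac.compare_digest(fingerprint(public_key), read_aloud):
            return False
        self._pins[user_id] = fingerprint(public_key)
        return True

    def check(self, user_id: str, offered_key: bytes) -> str:
        """Classify a key offered over the air under a given user ID."""
        pinned = self._pins.get(user_id)
        if pinned is None:
            return "unverified"    # ID seen, key never confirmed: do not trust yet
        if hmac.compare_digest(pinned, fingerprint(offered_key)):
            return "trusted"
        return "key-mismatch"      # same ID, different key: possible impersonation

# Constructed sample values standing in for real IDs and public keys.
IVAN_ID = "ivan-user-id"
IVAN_KEY = b"constructed-public-key-of-ivan"
EVE_KEY = b"constructed-public-key-of-eve"

def demo():
    ursula = ContactPins()
    before = ursula.check(IVAN_ID, EVE_KEY)        # nothing pinned yet
    pinned = ursula.confirm(IVAN_ID, IVAN_KEY, fingerprint(IVAN_KEY))
    genuine = ursula.check(IVAN_ID, IVAN_KEY)
    swapped = ursula.check(IVAN_ID, EVE_KEY)       # Ivan's ID presented with Eve's key
    return before, pinned, genuine, swapped

if __name__ == "__main__":
    print(demo())
```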

There’s a separate way to read encrypted messages, thanks to another major Bridgefy flaw: its use of PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted using the RSA cryptographic algorithm. This encoding method, which was deprecated in 1998, allows attackers to perform what is known as a padding oracle attack to extract content from an encrypted message.
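What makes a receiver a padding oracle is an observable difference between "padding was invalid" and any later failure. The added example below (not Bridgefy's code) assumes the scheme is the PKCS #1 v1.5 encryption padding layout from RFC 8017 and uses constructed byte strings in place of RSA-decrypted blocks; the function names and error strings are hypothetical.

```python
def unpad_pkcs1_v15(block: bytes) -> bytes:
    """Parse 0x00 0x02 <at least 8 nonzero bytes> 0x00 <message>; raise on bad format."""
    if len(block) < 11 or block[0] != 0x00 or block[1] != 0x02:
        raise ValueError("padding")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # covers -1 (no separator) and a padding string shorter than 8 bytes
        raise ValueError("padding")
    return block[sep + 1:]

def parse_message(payload: bytes) -> str:
    """Constructed application rule: a message must be valid UTF-8 text."""
    return payload.decode("utf-8")  # UnicodeDecodeError is a subclass of ValueError

def leaky_receiver(block: bytes) -> str:
    """Reports padding failures separately from later failures."""
    try:
        payload = unpad_pkcs1_v15(block)
    except ValueError:
        return "ERR_PADDING"
    try:
        parse_message(payload)
    except ValueError:
        return "ERR_MESSAGE"
    return "OK"

def uniform_receiver(block: bytes) -> str:
    """Gives one response for every failure, whatever stage rejected the block."""
    try:
        parse_message(unpad_pkcs1_v15(block))
    except ValueError:
        return "ERR"
    return "OK"

def distinguishable(receiver, failing_blocks) -> bool:
    """True if responses to failing blocks reveal whether the padding was valid."""
    return len({receiver(b) for b in failing_blocks}) > 1

# Constructed stand-ins for blocks after RSA decryption.
GOOD = b"\x00\x02" + b"\xaa" * 8 + b"\x00" + b"hello"
BAD_PADDING = b"\x00\x01" + b"\xaa" * 8 + b"\x00" + b"hello"
BAD_MESSAGE = b"\x00\x02" + b"\xaa" * 8 + b"\x00" + b"\xff\xfe"
FAILING = [BAD_PADDING, BAD_MESSAGE]

if __name__ == "__main__":
    print(distinguishable(leaky_receiver, FAILING), distinguishable(uniform_receiver, FAILING))
```

Uniform responses close only this one channel; timing differences between the two failure paths can still distinguish them.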