Mesh Messaging in Large-scale Protests: Breaking Bridgefy

Mesh messaging applications allow users in relative proximity to communicate without the Internet. The most viable offering in this space, Bridgefy, has recently seen increased uptake in areas experiencing large-scale protests (Hong Kong, India, Iran, US, Zimbabwe, Belarus, Thailand), suggesting its use in these protests. It is also being promoted as a communication tool for use in such situations by its developers and others. In this work, we perform a security analysis of Bridgefy. Our results show that Bridgefy permits its users to be tracked, offers no authenticity, no effective confidentiality protections and lacks resilience against adversarially crafted messages. We verify these vulnerabilities by demonstrating a series of practical attacks on Bridgefy. Thus, if protesters rely on Bridgefy, an adversary can produce social graphs about them, read their messages, impersonate anyone to anyone and shut down the entire network with a single maliciously crafted message. As a result, we conclude that participants of protests should avoid relying on Bridgefy until these vulnerabilities are addressed and highlight the resulting gap in the design space for secure messaging applications.

[1]  John Kelsey,et al.  Compression and Information Leakage of Plaintext , 2002, FSE.

[2]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[3]  Harry Halpin,et al.  Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols , 2017 .

[4]  Mike Ryan,et al.  Bluetooth: With Low Energy Comes Low Security , 2013, WOOT.

[5]  David Starobinski,et al.  Tracking Anonymized Bluetooth Devices , 2019, Proc. Priv. Enhancing Technol..

[6]  Juraj Somorovsky,et al.  Return Of Bleichenbacher's Oracle Threat (ROBOT) , 2018, IACR Cryptol. ePrint Arch..

[7]  Peter Deutsch,et al.  GZIP file format specification version 4.3 , 1996, RFC.

[8]  Matthew Green,et al.  Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage , 2016, USENIX Security Symposium.

[9]  Gage Boyle,et al.  20 years of Bleichenbacher attacks , 2019 .

[10]  Jason Uher,et al.  Denial of Sleep attacks in Bluetooth Low Energy wireless sensor networks , 2016, MILCOM 2016 - 2016 IEEE Military Communications Conference.

[11]  Jorge Blasco,et al.  A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape , 2018, USENIX Security Symposium.

[12]  Britta Hale,et al.  Efficient Post-Compromise Security Beyond One Group , 2019 .

[13]  Michael Walter,et al.  Keep the Dirt: Tainted TreeKEM, an Efficient and Provably Secure Continuous Group Key Agreement Protocol , 2019, IACR Cryptol. ePrint Arch..

[14]  Matthias Hollick,et al.  Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept , 2019, SSR.

[15]  Christof Paar,et al.  DROWN: Breaking TLS Using SSLv2 , 2016, USENIX Security Symposium.

[16]  Vlastimil Klíma,et al.  Attacking RSA-Based Sessions in SSL/TLS , 2003, CHES.

[17]  Burton S. Kaliski,et al.  PKCS #1: RSA Encryption Version 1.5 , 1998, RFC.

[18]  John Paul Dunning,et al.  Taming the Blue Beast: A Survey of Bluetooth Based Threats , 2010, IEEE Security & Privacy.

[19]  NEAL HARRIS BREACH : REVIVING THE CRIME ATTACK , 2013 .

[20]  Mohammed Atiquzzaman,et al.  Security threats in Bluetooth technology , 2018, Comput. Secur..

[21]  David Fifield,et al.  A better zip bomb , 2019, WOOT @ USENIX Security Symposium.

[22]  Peter Deutsch,et al.  DEFLATE Compressed Data Format Specification version 1.3 , 1996, RFC.

[23]  Harry Halpin,et al.  Co-ordinating Developers and High-Risk Users of Privacy-Enhanced Secure Messaging Protocols , 2018, SSR.

[24]  Yevgeniy Dodis,et al.  Security Analysis and Improvements for the IETF MLS Standard for Group Messaging , 2020, IACR Cryptol. ePrint Arch..

[25]  Graham Steel,et al.  Efficient Padding Oracle Attacks on Cryptographic Hardware , 2012, IACR Cryptol. ePrint Arch..

[26]  Zhiqiang Lin,et al.  Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps , 2019, CCS.

[27]  Alexandre Adomnicai,et al.  Hardware Security Threats Against Bluetooth Mesh Networks , 2018, 2018 IEEE Conference on Communications and Network Security (CNS).