Updates to the offline messaging app Bridgefy left users facing significant security vulnerabilities.

This new research from the Information Security Group at Royal Holloway, University of London and the Applied Cryptography Group at ETH Zurich suggests that users could still be tracked, or fall victim to snooping despite the application using an industry standard encryption library.

Bridgefy is a messaging app that has been advertised for use by people across the world during large-scale protests when normal forms of communication are down. The developers of the app reported increased uptake during sites of protest or government mandated Internet shutdowns. Bridgefy has cited high usage during protests in Hong Kong, India, Iran, Lebanon, Zimbabwe, the United States, and the company reported over a million downloads in Myanmar following a coup in February 2021.

In August 2020, researchers from Royal Holloway found serious vulnerabilities in the messaging app, warning that it could have significant consequences for its users. Following this, the developers updated their application to use the industry-standard Signal protocol to address these vulnerabilities, and resumed advertising their application for highly adversarial situations.

However, now a joint team of researchers – Raphael Eikenberg and Professor Kenny Paterson from the Applied Cryptography Group at ETH Zurich, and Professor Martin Albrecht from the Information Security Group at Royal Holloway demonstrated that these fixes were insufficient. In particular, they show that:

1. Bridgefy users could still be tracked.
2. Broadcast messages remained unauthenticated; an attacker can exploit this to impersonate other users on the network.
3. The protocol remained susceptible to an attacker in the middle which can break confidentiality of messages. While such an attack was now limited to the first exchange between a pair of users, the research team notes that Bridgefy offers users no option to verify the public keys of their contacts.
4. Any nodes in the network that receive a single carefully crafted message became unable to participate in further network communication. Given that Bridgefy is predominantly adopted to provide resilience against Internet outages this denial of service attack threatens its central application.

Most critical, however, is that the team managed to mount a practical attack against Signal-protected one-on-one messages that allows an attacker to read about half of all encrypted messages.

Professor Martin Albrecht, Director of the Cryptography Group at Royal Holloway, said: “We recommend that users avoid Bridgefy until its developers have committed to regular public security audits by respected third party auditors.”

The research team informed the Bridgefy developers on 21 May 2021 and the main vulnerability allowing an attacker to read encrypted messages was fixed on 14 August 2021.

Details about the research team’s finding can be found at https://eikendev.github.io/breaking-bridgefy-again.