The French Govt's Hand-Rolled Encrypted Messaging Service (Briefly) Allowed Anyone To Pretend They Were A Government Official

from the inauspicious-debut dept

Early last year, news leaked out that the French government was building its own encrypted messaging service. This seemed a bit disingenuous when this same government was routinely calling for backdoors in encryption for everyone else. The potential upside of the government rolling its own is that it would push government officials off third-party services and onto a platform where they might not be compromised along with everyone else if or when these privately-run platforms were hacked/backdoored.

The problem with rolling your own encryption is that it's a more daunting task than those asking for it imagine, as Mike Masnick pointed out in last year's post.

However, doing encrypted messaging well is... difficult. It's the kind of thing that lots of people -- even experts -- get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That's not to say it can't be done, but there are a lot of tradeoffs here, and I'm not sure that the best encryption is going to come from a government employee.

So far, this warning has proven true. The best encryption hasn't come from a government employee. At least, not yet. As Sean Gallagher writes for Ars Technica, the government's handmade messaging service, Tchap, has already been broken by a security researcher.

The name servers set up by the departments and ministries of the French government running Matrix's code were parsing email addresses submitted for new accounts to check against existing email addresses within their directory services. After doing code analysis on the Tchap package posted to Google's Play store, [researcher Baptiste] Robert used the Frida proxy tool to alter a Web request for a new account from the app to pass a crafted email address value that grafted his own address onto a known account on the targeted directory server—presidence@elysee.fr, the official email address of the Élysée, the official residence of France's president. The value sent to the server used an @ symbol to separate the two addresses (anaddress@protonmail.com@presidence@elysee.fr).

Because of the way the directory service validated the email address, it matched the address in the second half of the pair with the known address. But the code that parsed the address for the validation email on the server side, which was built with the Python email.utils module, trimmed off everything after the first valid address. That means Robert got an email back for verification of the account, and the server thought the address was an official government account.
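The two-parser disagreement in the Ars passage above, reconstructed as an added example in Python (this is not Tchap's or Matrix's code): a constructed directory, a suffix-style lookup standing in for the directory match (the page does not show the real lookup logic, so that part is an assumption), email.utils.parseaddr as the mail-side parser, and a hardened validator that derives one canonical address and uses that same value for both the directory check and the verification mail.

```python
import re
from email.utils import parseaddr

# Constructed sample directory and domain allowlist (not real Tchap data).
DIRECTORY = {"presidence@elysee.fr", "agent@example.gouv.fr"}
ALLOWED_DOMAINS = {"elysee.fr", "example.gouv.fr"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CRAFTED = "anaddress@protonmail.com@presidence@elysee.fr"  # value from the Ars quote


def weak_directory_match(submitted):
    """Hypothetical directory check: accept if a known address appears at the
    tail of the submitted string. This stands in for whatever matched the
    'second half of the pair'; the real lookup code is not on the page."""
    return any(submitted.endswith(known) for known in DIRECTORY)


def weak_mail_target(submitted):
    """Address the verification mail would be sent to, as email.utils sees it.
    Python before the bpo-34155 fix returned the first parsable address
    ('anaddress@protonmail.com'); current releases return ''. Either way it
    is not the directory entry that was matched."""
    return parseaddr(submitted)[1]


def is_discrepant(submitted):
    """True when the directory check passes but the mail-side parser would not
    deliver to the matched directory entry: the condition Tchap was in."""
    return (weak_directory_match(submitted)
            and weak_mail_target(submitted) not in DIRECTORY)


def strict_validate(submitted):
    """Hardened check: derive one canonical address and use it for both the
    directory lookup and the verification mail. Returns it, or None."""
    addr = submitted.strip().lower()
    if addr.count("@") != 1 or not ADDR_RE.fullmatch(addr):
        return None  # exactly one addr-spec; no second parser gets an opinion
    if addr.rsplit("@", 1)[1] not in ALLOWED_DOMAINS:
        return None  # domain allowlist, applied to the canonical form
    if addr not in DIRECTORY:
        return None  # exact directory match, never a suffix/substring match
    return addr


if __name__ == "__main__":
    print("weak path discrepant:", is_discrepant(CRAFTED))  # True
    print("strict path:", strict_validate(CRAFTED))  # None
```

The point of the strict path is not the regex but that a single canonical string feeds every downstream consumer, so no two components can parse the submission differently.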

Not only was Robert able to get his faux account validated within two hours of downloading the app, he was also able to obtain plenty of info linked to other government account profiles. On the bright side, the team behind the app reacted quickly to notification of the security flaw and suspended account creation until it could be patched. The French government has also instituted a bug bounty program for Tchap, which will hopefully result in further flaws being addressed before they're exploited by criminals or state-sponsored hackers.

To be fair, Tchap is still in its "beta" stage. But that's not much comfort considering it was rolled out for use in this state, exposing government employees' personal account info and allowing any outsider to take a seat at the Tchap table just by exploiting the system's less-than-robust validation process.

Filed Under: encryption, france


Reader Comments

  1. That One Guy (profile), 24 Apr 2019 @ 1:52am

    Sure could have used that sanity earlier...

    Not only was Robert able to get his faux account validated within two hours of downloading the app, he was also able to obtain plenty of info linked to other government account profiles. On the bright side, the team behind the app reacted quickly to notification of the security flaw and suspended account creation until it could be patched. The French government has also instituted a bug bounty program for Tchap, which will hopefully result in further flaws being addressed before they're exploited by criminals or state-sponsored hackers.

    Of all the things they chose to have a sane response to... well, given it's their (hypocritical) security we're talking about I suppose pure self-interest was enough for them to put a pause on the collective cranial-rectal-examination they've been engaged in the last few years, though I'm not holding my breath that it'll last.

  2. Seegras (profile), 24 Apr 2019 @ 5:04am

    Account Holders

    And here's a list of account holders that have themselves made an account by subverting someone within the French government:
    https://en.wikipedia.org/wiki/List_of_intelligence_agencies

    Please note: the "French public" is not among them.

  3. Anonymous Coward, 24 Apr 2019 @ 6:04am

    As so often happens, governments get involved in something they know very little about and screw it up! And make no mistake about it, this has nothing to do with stopping messaging apps etc. and people passing messages on to whoever, but everything to do with stopping those messages from containing damning information about the government officials, politicians and all their 'mega-rich, 1% friends' both in and out of industry!!

  4. Anonymous Coward, 24 Apr 2019 @ 6:26am

    The potential upside of the government rolling its own is that everyone else can nerd softer

  5. Federico (profile), 24 Apr 2019 @ 7:12am

    Free software is the point

    The French state is paying for the development of Matrix applications and server-side software, plus the installation and running costs of dozens of Matrix servers, to be connected with various external messaging services.
    https://fosdem.org/2019/schedule/event/matrix_french_state/

    This is unquestionably a good thing. For once, France is paying for something which goes into the commons and will benefit everyone else (if they want to use it). They forked the existing software (Riot.im etc.) and improved it in ways which can be useful for others too.

    Someone inspected the software, reported a bug and got it fixed within hours: I say that was the point entirely! Sure, they could have put out some bug bounties before opening it up for "everyone".

    But of course building your own chat servers is not a way to have ultra-secure messaging for the secret service; it's just a harm reduction exercise for the millions of public employees who currently feel "forced" to use WhatsApp or whatever to communicate with citizens, with the result that they are subjected to infinite and unchecked surveillance by private companies.

  6. Anonymous Coward, 24 Apr 2019 @ 8:11am

    Re: Free software is the point

    This is unquestionably a good thing.

    And who controls the certs or private/public keys used for encryption/decryption?

  7. Anonymous Coward, 24 Apr 2019 @ 8:26am

    Re: Free software is the point

    The French State is not paying for anything. The taxpayers are paying for it.

  8. Anonymous Coward, 24 Apr 2019 @ 8:43am

    Re: Re: Free software is the point

    The French Govt's IT department most likely.

  9. Anonymous Coward, 24 Apr 2019 @ 9:50am

    Not an encryption break

    The best encryption hasn't come from a government employee. At least, not yet.

    That's misleading. The broken part had nothing to do with encryption. It was based on sending an unencrypted message to... somewhere, possibly outside the government. Whoever receives it first gets access.

    Had they verified using something standard like Kerberos, which more organizations are already using, they'd have been fine (...provided they didn't take the word of a non-government authentication server).

  10. Anonymous Coward, 24 Apr 2019 @ 9:53am

    Re: Sure could have used that sanity earlier...

    The team consists of sponsored Matrix hackers. I guess they know how to roll. As for the government doing something sensible: well, even a blind chicken eventually finds some grain, as they say in German ;-)

    There was a talk at the latest CCC conference about the subject by one of the team members:

    https://media.ccc.de/v/35c3-9400-matrix_the_current_status_and_year_to_date

  11. Thad (profile), 24 Apr 2019 @ 10:00am

    Re: Re: Free software is the point

    Yes, when someone says a government is paying for something, that means that the money is coming from people who pay taxes to that government. That's what taxes are. They're money that people pay to the government that the government then uses to pay for things.

  12. Thad (profile), 24 Apr 2019 @ 10:01am

    Re: Re: Free software is the point

    If it's free software, it can, presumably, be modified to trust whatever certificate authority you would like it to.

  13. TDR, 24 Apr 2019 @ 10:56am

    I wonder, are Neo and Morpheus among the Matrix hackers on that team?

  14. Canuck, 24 Apr 2019 @ 1:27pm

    Retarded coders

    Gawd, what a bunch of idiots. Can't even parse/verify/reject email addresses correctly. Sounds about right - government coders here can't figure out how to display latitude/longitude to less than eight decimal places. Here's a real example: 46.54111111, -84.32555556. That's right, apparent millimeter or better accuracy from consumer GPSrs...

    The losers don't understand what happens when you use floating point storage for data that has no business being converted to floats. Gorram retards everywhere.

  15. Anonymous Coward, 24 Apr 2019 @ 2:11pm

    Re: Retarded coders

    Can't even parse/verify/reject email addresses correctly. Sounds about right - government coders

    It's actually kind of hard (1)(2). RFC3696 gives some advice, but one should first consider whether email address validation is the correct way to solve this problem. People could play games with mailing lists, different addresses that go to the same place, etc.; addresses could be reassigned; and anyway, why should email be the best way to check whether someone is a government employee? Isn't there an employee directory, maybe a public key system, that could be used?

    If one government employee can't tell whether another person is an employee, there are going to be problems.

