Bridgefy, A Messaging App Hyped As Great For Protesters, Is A Security Mess
from the not-as-advertised dept
Over the last year Bridgefy, a messaging app developed by Twitter cofounder Biz Stone, has been heavily promoted as just perfect for those trying to stand up to oppressive, authoritarian governments. The reason: the app uses both Bluetooth and mesh network routing to let users within a couple hundred meters of one another send group and individual messages -- without their packets ever touching the internet. Originally promoted as more of a solution for those out of reach of traditional wireless, more recently the company has been playing up their product's use for protesters in Belarus, India, the U.S., Zimbabwe, and Hong Kong.
The problem: the app is a security and privacy mess, and the company has known since April, yet it's still marketing the app as great for protesters.
A new research study, first spotted by Ars Technica, found that the app suffers from numerous vulnerabilities that could actually put protesters at risk:
"Though it is advertised as “safe” and “private” and its creators claimed it was secured by end-to-end encryption, none of aforementioned use cases can be considered as taking place in adversarial environments such as situations of civil unrest where attempts to subvert the application’s security are not merely possible, but to be expected, and where such attacks can have harsh consequences for its users. Despite this, the Bridgefy developers advertise the app for such scenarios and media reports suggest the application is indeed relied upon."
More specifically, the researchers reverse engineered the app and found they could create attacks allowing them to decrypt and read direct messages, "de-anonymize" users, impersonate users, track a target's movement, subject users to man in the middle attacks making it possible to change message content, and even shut down the network:
"Moreover, we utilise compression to undermine the advertised resilience of Bridgefy: using a single message “zip bomb” we can completely disable the mesh network, since clients will forward any payload before parsing it which then causes them to hang until a reinstallation of the application. Overall, we conclude that using Bridgefy represents a significant risk to participants of protests."
Much of the problems stem from the fact that Bridgefy provides no means of cryptographic authentication, instead relying on a userID transmitted in plaintext. Users can then obtain this data while in local transit over the air, opening the door to impersonation and all manner of additional attacks.
The company was advised of the myriad of problems with its app back in April. And while it says it's taking steps to address many of them (including revamping the system internals to utilize the Signal protocol), and making it a little bit more clear to users that the app does not feature true end-to-end encryption, the company continues to advertise the idea it's a great tool for protesters. From Ars:
"But the company continues to send mixed messages. The App Store and Play Store promotions mentioned earlier give the impression Bridgefy can be trusted to keep messages private, even though it has been clear to the company since April that they can’t. Tweets that continue to refer to mass protests and welcome activists using the app are another example."
Belated responses, no responses, or hostile responses to security researchers is common in the United States, where we like to talk a lot about privacy and security protection in marketing and speeches, but not practice it. So while it's good Bridgefy acknowledged the flaws and even thanked the researchers in a statement, the company's decision to continue marketing the app as perfect for protesters is actively exposing those users to surveillance, arrest, and potentially worse.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, mesh networking, messaging app, protests, security
Companies: bridgefy
Reader Comments
Subscribe: RSS
View by: Time | Thread
really?
My instinct tells me THIS IS WHY it was hyped for protesters...
[ link to this | view in chronology ]
I originally wondered if the awful implementation (user names in clear text, wtf??) coupled with promoting it as good for activists had malicious intent behind it but then I remembered - do not assign to malice that which can easily be explained as stupidity...
That the marketing fairies are still pushing it at activists is.. just marketing. Never let facts get in the way of a good sales promotion.
So bad engineering and dumb marketing is much more likely but much less of a story :)
[ link to this | view in chronology ]
Are we sure it's the company sending those mixed messages, and not just some man in the middle pretending to be the company?
[ link to this | view in chronology ]
Zip bombing? Good grief that was the kind of 'prank' I played in 1995. Sending a 16 KB archive, without password, through the school servers, crafted to extract to 4 GB worth of ones. Minor reaction to them opening any archive without password and deleting the ones with. These days there are mitigation strategies to prevent the computer processing it from running into memory/processor time issues.
Same thing with the second prong of my little protest where the mail account I sent it to (and from) would forward this specific archive back to the sender twice (Just to make sure that the e-mail servers would crash from running out of space). There are mitigation strategies for that little prank as well these days.
Yes I did not like them deleting archives because they were password protected and me failing a course due to that.
[ link to this | view in chronology ]
man... what has happened to this site. i used to come here all the time and the comment section was alive and large... sad to see it go down like this
[ link to this | view in chronology ]
Re:
Did you look at one post or what? oO
[ link to this | view in chronology ]