Multiple vulnerabilities recently found in the Confide messaging application could allow an attacker to leak session information, enumerate users, and even access details such as emails and phone numbers.
Confide is promoted as a “confidential messenger” that allows users to speak freely, without fearing eavesdropping, courtesy of “military grade end-to-end encryption.” However, security researchers with IOActive and Quarkslab have discovered that users’ conversations were actually exposed to man-in-the-middle (MiTM) attacks, and also uncovered various other vulnerabilities in the messenger.
In a recent report (PDF), IOActive notes that the application’s notification system did not require a valid SSL server certificate to communicate, thus leaking session information to MiTM attacks. Furthermore, the app allowed unencrypted messages to be delivered without alerting the user.
During their analysis, IOActive researchers also found that the software was uploading file attachments before the user sent the intended message, and that it allowed attackers to send malformed messages that could crash, slow, or otherwise disrupt the application.
Furthermore, the application didn’t use authenticated encryption, meaning that Confide was able to alter messages in transit, an issue discovered by Quarkslab’s Jean-Baptiste Bédrune, who published a comprehensive technical analysis detailing how Confide could perform man-in-the-middle attacks and read users’ messages.
According to Bédrune, the application didn’t use a cryptographic integrity mechanism and the cryptographic protocol did not involve authentication. When notified of a new message, the client would request a list of unread threads from the server, but it had no means to verify the origin of the message or the authenticity of the sender’s public key.
“The most obvious problem is […] linked to the fact that the encrypted message origin and the authenticity of the public encryption key transmitted by the server can in no way be verified by the client,” the researcher notes. The Confide server could generate its own key pair and transmit the public part to a client, decrypt the messages sent by the client, and re-encrypt them with its own key for the actual recipient, Bédrune claims.
Other major issues discovered (PDF) by IOActive were related to account management, which allowed an attacker to enumerate all Confide user accounts. Furthermore, the app didn’t employ a mechanism to adequately prevent brute-force attacks on user account passwords, and even short, easy-to-guess passwords were allowed.
The application’s website was also found to be vulnerable. Specifically, researchers discovered an arbitrary URL redirection in it and say that this could facilitate social engineering attacks against users. Additionally, the website was observed reflecting incorrectly entered passwords back to the browser.
By exploiting the vulnerabilities, an attacker could impersonate another user by hijacking their account session or by guessing their password, learn the contact details of all or specific Confide users, become an intermediary in a conversation and decrypt messages, or alter the contents of a message or attachment in transit without first decrypting it, IOActive says.
An attacker could also leak a great deal of user information, such as: usernames; whether the user has clicked the provided verification link; userIDs; the users’ public keys; the users’ phone numbers; and the users’ email addresses.
The security company tested Confide messaging app versions 4.0.4 for Android and 1.4.2 for Windows and Mac OS X and says it was able to recover more than 7,000 records for users registered between February 22 and 24, 2017. IOActive estimates that “between 800,000 and one million user records were potentially contained in the database.”
“Building a secure instant messaging is not easy, but when claiming it, some strong mechanisms should really be enforced since the beginning. The confidentiality of the exchanged messages depends on the robustness of TLS. Confide can technically read all the messages that pass through its servers. End-to-end encryption, as it is implemented, solely relies on the server through which the messages pass,” Bédrune notes.
Confide was alerted to the discovered issues and has already updated its mobile and desktop applications to address some of them. The company also confirmed that it could theoretically perform MiTM attacks against its users, and says that it plans to release another update that adds support for independent fingerprint verification.
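Independent fingerprint verification addresses the key-substitution problem Bédrune describes: the client pins the public key the server hands it and treats it as trusted only after the contact confirms the fingerprint over a separate channel. The sketch below is an added example, not Confide's code or the researchers'; the `PinStore` class, its method names and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of raw public-key bytes, grouped for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class PinStore:
    """Remembers each contact's key fingerprint and whether a human confirmed it."""

    def __init__(self):
        self._pins = {}  # contact -> (fingerprint, verified_out_of_band)

    def check(self, contact: str, key_from_server: bytes) -> str:
        """Classify a server-supplied key before anything is encrypted to it."""
        seen = fingerprint(key_from_server)
        if contact not in self._pins:
            self._pins[contact] = (seen, False)  # first use: pinned, not yet trusted
            return "unverified"
        pinned, verified = self._pins[contact]
        if not hmac.compare_digest(pinned, seen):
            return "key-changed"  # possible substitution: block sending, warn user
        return "verified" if verified else "unverified"

    def confirm(self, contact: str, fp_from_contact: str) -> bool:
        """Mark the pin verified only if it matches what the contact reported."""
        pinned, _ = self._pins[contact]
        ok = hmac.compare_digest(pinned.replace(" ", ""),
                                 fp_from_contact.replace(" ", "").lower())
        if ok:
            self._pins[contact] = (pinned, True)
        return ok

def demo():
    # Constructed sample keys (filler bytes, not real Confide keys).
    bob_real = bytes.fromhex("04" + "11" * 32)
    server_key = bytes.fromhex("04" + "22" * 32)
    store = PinStore()
    results = [store.check("bob", bob_real)]                      # first contact
    results.append(store.confirm("bob", fingerprint(bob_real)))   # read over a call
    results.append(store.check("bob", bob_real))                  # same key later
    results.append(store.check("bob", server_key))                # key swapped
    return results

if __name__ == "__main__":
    print(demo())
```

If the server substitutes its own key from the very first exchange, `check` still returns "unverified" and `confirm` fails against the fingerprint the contact reads out, which is why pinning alone is not enough without the out-of-band step.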