←back to thread

Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol

(citizenlab.ca)
157 points lladnar | 7 comments | 16 Oct 24 20:06 UTC | HN request time: 1.249s | source | bottom
Show context
thimabi ◴[16 Oct 24 21:29 UTC] No.41864030[source]
WeChat using a custom protocol like MMTLS instead of sticking with something solid like TLS 1.3 is a risky move. Rolling your own crypto almost always leads to trouble. Of course, there may be ulterior motives behind Tencent’s decision, and users have little power to change it. For an app with over a billion users, that’s pretty concerning.
replies(2): >>41864971 #>>41871490 #
1. tptacek ◴[16 Oct 24 23:35 UTC] No.41864971[source]
Is it concerning? It's not end-to-end secure to begin with.
replies(1): >>41865014 #
2. thimabi ◴[16 Oct 24 23:41 UTC] No.41865014[source]
It is insecure depending on one’s threat model. Though I agree end-to-end encryption would be the best practice.
replies(2): >>41865086 #>>41865601 #
3. tptacek ◴[16 Oct 24 23:53 UTC] No.41865086[source]
Can you articulate what that threat model would be?
replies(1): >>41865226 #
4. xvector ◴[17 Oct 24 00:20 UTC] No.41865226{3}[source]
You are only okay with the CCP and your recipient knowing your conversation.
replies(1): >>41865293 #
5. tptacek ◴[17 Oct 24 00:35 UTC] No.41865293{4}[source]
That's kind of how I read it too, which makes some of the suppositions here (about the CCP inducing bad protocol design) odd.
replies(1): >>41867816 #
6. est ◴[17 Oct 24 01:33 UTC] No.41865601[source]
> end-to-end encryption would be the best practice

If you think about it, no it's not in this case.

The "end" you are refering to here, are mostly Chinese android phones.

The system just hook into your apk, read your (encrypted) sqlite3 local data, or screen-read your UI for content.

Even the Wechat realized how badly the landscape was, so they even rolled rolled out inhouse "input method" for "privacy conerns"

7. im3w1l ◴[17 Oct 24 09:22 UTC] No.41867816{5}[source]
I agree it's probably a mistake but I can also see another possibility:

But first, consider the CCP. The CCP has nearly 100 million members. That's a lot of people. More than many countries. It's not a very exclusive club. Clearly such a large organization cannot be considered as a united whole. It's not just whether "the CCP can read it" it's about which part of the CCP can read it.

Can the low ranking CCP member read the wechat message of the high ranking member fucking his wife? Maybe not? But maybe he would like to? Maybe he knows a mathematician that can help him for a reasonable sum of money? Or maybe someone wants to do a bit of corporate espionage?

In other words the inner core of the party wants nobus, whereas the periphery has incentives to undermine it.