Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol

(citizenlab.ca)

157 points lladnar | 1 comments | 16 Oct 24 20:06 UTC | HN request time: 0s | source

Show context

est ◴[17 Oct 24 01:24 UTC] No.41865556[source]▶

Chinese apps don't need encryption but pretends to, the government had direct access to all clear-text data. If you can't comply your business would be fucked one way or another.

Security researchers need to stop beating the dead horse. The encryption mechanism is mostly used for compliance or certification. In fact many corp-intranet middleboxes can decrypt wechat communications, it's not a bug, it's a feature.

IRL people just treat wechat as somekind of Discord with payment options. If you say something slightly wrong your account would instantly get into trouble. Just assume your wechat chat records are public one way or another.

replies(3): >>41865655 #>>41866400 #>>41870896 #

crazylogger ◴[17 Oct 24 04:21 UTC] No.41866400[source]▶

>>41865556 #

For one thing, Chinese government does have an incentive to enforce good encryption so that foreign adversaries cannot snoop in on important Chinese communications. Only the Chinese government has access via Tencent’s backend.

replies(1): >>41867441 #

Yeul ◴[17 Oct 24 08:10 UTC] No.41867441[source]▶

>>41866400 #

The Dutch government is a joke they'll happily communicate via WhatsApp. But then the Netherlands is hardly a geopolitical player.

But surely Chinese officials don't use Wechat?

replies(1): >>41869991 #

1. some_random ◴[17 Oct 24 14:25 UTC] No.41869991[source]▶

>>41867441 #

First off the Dutch are pretty important for a few reasons, their ports and cyber program being the first things that pop into my head. As for Wechat, why wouldn't Chinese officials use it? Even if they didn't use it for official work (which they do, to the best of my knowledge), just about everyone there uses it.

↑