Critical vulnerabilities that compromise through encryption in many Matrix clients

Developers of the Matrix decentralized communications platform warned about the identification of critical vulnerabilities in the libraries of Matrix-js-sdk, Matrix-osdk and Matrix- Android-SDK2, allowing access to messages transmitted in end encryption chats (E2EE). Vulnerability is caused by errors in certain implementations of the Matrix protocol and are not problems of the protocol itself. Currently, the project has been issued updates to problem SDK and parts of customer applications built on their basis.

A successful attack requires an appeal to a controlled home server (Homeserver, a server for storing history and accounting records of customers). The problem affects the main Matrix client element (formerly riot) for Web, desktop systems, iOS and Android, as well as third-party client applications, including cinny , beeper , schildichat , circuli and and and synod.im . The problem is not manifested in the libraries of Matrix-Rust-SDK, Hydrogen-SDK, Matrix Dart SDK, Mautrix-Python, Mautrix-Go and Matrix-Nio, as well as in the Hydrogen, Elementx, Fluffychat, Syphon, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, Timmy, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY, TIMMY. .

Three main scenarios of the attack are highlighted:

  • The administrator of the Matrix server can violate the verification of the verification on Based on Emoji (sas, short authentication strings) when using cross -drawn signatures and passing himself for another user. The problem is caused by vivacy (CVE-2022-39250) in the Matrix-JS-SDK code related to mixing the processing of devices and cross-signature detachments.
  • The attacker that controls the server can fake the sender who deserves confidence and use fictitious keys to intercept messages from other users. The problem is caused by a vulnerability to Matrix-JS-SDK (CVE-2022-39251), Matrix-Ios-SDK (CVE-2022-39255) and Matrix-Android-SDK2 (CVE-2022-39248), due Posted by messages, encrypted using the protocol megolm instead of olm , attributing messages to the sender Megolm, and not the actual sender.
  • Using the server, the server administrator can also add a fictitious spare key to the user account.
/Media reports.