Messaging App Security Under Threat: Vulnerability Found In Encryption Protocol

Messaging App Security Under Threat: Vulnerability Found In Encryption Protocol

An important announcement was made during the ACM Conference on Computer and Communications Security held in Denver, Colorado regarding the weakness that was spotted in Diffie-Hellman’s algorithm. The discovery startled millions of people, because the algorithm at hand is widely used in data encryption.

The algorithm flaw actually lies in the way keys are exchanged, which is envisaged by the protocol, by the way. A limited set of primes is used in its algorithm, which is why they are frequently reused. As a result, hackers have an easy opportunity to trespass our computers.

Messaging App Security Under Threat: Vulnerability Found In Encryption Protocol

This weakness allowed the US National Security Agency to decrypt the majority of SSH, HTTPS and VPN connections. Even though it is estimated that it would take a supercomputer one whole year and a million dollars to hack a single, common 1024-bit prime, this isn’t holding back the NSA from decrypting a huge chunk of transmitted confidential information.
The results of the research leave us with no other option than to look over the list of secure messengers that advertise themselves as such. Most of them do use the “key” method, which turned the strong points they had yesterday into today’s negative aspects.
To refresh your memory, the following communication apps are encrypted with Diffie-Hellman’s algorithm:
 Adium
 BitlBee
 climm
ChatSecure
IM+
Jitsi
Xabber
Psi+
LeechCraft
Mcabber

Another interesting fact is that the aforementioned encryption method is used by Telegram. Some time ago, Pavel Durov made an official announcement that he was ready to pay $200k to anyone capable of hacking Telegram’s encryption protocol. And with the recent news and all, maybe we will soon find out that someone did take home Durov’s promised prize. You never know!

Share this:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...Loading...