Post · bonfire.cafe

Post

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange · 2 weeks ago

When you post something about a vulnerability in another messenger and completely misrepresent it, in a way that implies that you don’t understand the cause of it at all, it gives me no confidence in your system.

The root cause is nothing to do with phone numbers. It depends on two things:

Being able to send messages to someone from some public identifier. Any messenger that doesn’t require an interactive flow for pairing devices (as some military systems do) has this feature.
Receiving read receipts from messages. Signal allows you to turn off read receipts if you are concerned about information leaks from them.

If you actually wanted to convince people your system was better you would:

Show that you don’t issue read receipts (which will put some people off because they are useful).
Show how you mitigate this kind of attack, by rate limiting this kind of message, adding jitter to responses, and so on.

Email-based flows tend to not be vulnerable to this kind of attack because they do most of the processing on the server, so you’d only be able to probe the server. But you wouldn’t bother because email has so little metadata protection that you don’t need to bother with an attack like this. From what I know of DeltaChat’s group chat protocol, I suspect there is a way of triggering a similar attack by sending broadcast invalid messages and timing the error response. If you really wanted to convince people that your system is better, you’d show a security analysis that explains why I’m wrong, rather than just say ‘I don’t understand this attacks but the researchers who published it didn’t bother trying to attack the protocol I use and so I’m sure it is secure!’ That is exactly the attitude to security that makes me distrust DeltaChat.

Oh and before anyone jumps in with anything about XMPP: this attack is completely trivial on XMPP. Send an invalid iq stanza to the client’s bare JID and time the response. And this is impossible to fix without redesigning the protocol because unknown iq stanzas must be forwarded to the client to enable future extension and clients must respond with errors.

@link2xt@fosstodon.org replied · 2 weeks ago

@david_chisnall
Re XMPP:
> And this is impossible to fix without redesigning the protocol because unknown iq stanzas must be forwarded to the client to enable future extension and clients must respond with errors.

I guess the client can still pretend to fail to receive it? Just like responding with TCP RST or ICMP echo-response, technically yes, you MUST respond according to the spec, but in practice you can just firewall it away to slow down network scans.

@link2xt@fosstodon.org replied · 2 weeks ago

@david_chisnall In Delta Chat there are no device-to-device delivery receipts ("two empty checkmarks" in Signal: https://support.signal.org/hc/en-us/articles/360007320751-How-do-I-know-if-my-message-was-delivered-or-read) and no automatic error responses. There are read receipts, but they require displaying the message, so cannot be silent and are not sent for reactions. There is a known issue with long-living QR codes/invite links, but this cannot be used to probe online status of someone you just happen to be in the chat with, I posted about it here:
https://support.delta.chat/t/careless-whisper-on-deltachat/4396/2

Delta Chat

@delta@chaos.social replied · 2 weeks ago

@david_chisnall @arcanechat being careful of claiming that something is "secure" is good advise/critique. Users are easily misled other ways. As to delivery receipts, it's unlikely there is a big problem with #chatmail clients (of which delta chat and arcanechat are two) because you can not cause a delivery receipt from a peer. But there are likely online-leakage issues with the invite protocols https://securejoin.readthedocs.io like https://github.com/chatmail/core/issues/7555 that require work and independent audits.

ArcaneChat

@arcanechat@fosstodon.org replied · 2 weeks ago

@david_chisnall

> rather than just say ‘I don’t understand this attacks but the researchers who published it didn’t bother trying to attack the protocol I use and so I’m sure it is secure!’ That is exactly the attitude to security that makes me distrust DeltaChat.

I don't understand why do you seem so upset, #DeltaChat has received several REAL PROFESSIONAL INDEPENDENT security audits, all listed here: https://delta.chat/en/help#security-audits
can you provide a similar list of REAL sec. audits for Signal?

Delta Chat: FAQ

What is Delta Chat? Delta Chat is a reliable, decentralized and secure instant messaging app, available for mobile and desktop platforms. Instant creation of private chat profiles with secure and i...

⁂

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.40 no JS en

Automatic federation enabled