The developers of the Matrix communication protocol warn of two “critical“Security gaps that jeopardize the end-to-end encryption of messages sent with some matrix-based messengers. Security updates are available. No attacks are said to have occurred so far.
As indicated by a warning message, the following messengers are specifically affected:
- Element (Android, Desktop, Web). The iOS version is not affected.
- The price
Encryption at risk
The vulnerabilities (CVE-2021-40823, CVE-2021-40824) can be found in the key sharing function for “sharing keys”. This function is useful, for example, if a new client in a group chat does not yet have the key to read the messages. Thanks to the function, he receives this from another device in the chat. In this way, the new client can also decrypt and read past messages.
According to the specifications of the matrix developer, for security reasons this should not happen with every key request by clients. They recommend that automatic key distribution should only be done to verified devices of the same user. Accordingly, it is not a bug in the protocol, but rather weaknesses in the implementation. If the key distribution takes place without the identity check of a device, an attacker could hook up with a compromised account and read messages.
In the warning message In addition to vulnerable clients and SDKs, the matrix developers also list patched versions and, according to the current state of knowledge, unaffected software. The developers now want to better formulate their documentation for the implementation of the key sharing function. But you also question the function itself and consider removing it in the future.