Skip to main content

ISG researchers discover vulnerabilities in Matrix protocol

ISG researchers discover vulnerabilities in Matrix protocol

  • Date28 September 2022

A team of cryptographers – Dan Jones and Martin Albrecht (Royal Holloway), Sofía Celi (Brave) and Benjamin Dowling (University of Sheffield) has found several, practically-exploitable cryptographic vulnerabilities in the end-to-end encryption provided by the popular Matrix protocol and its flagship client implementation Element.

Telegram

These attacks break the confidentiality and authentication of end-to-end encrypted messages against a malicious server and allow such a server to read user messages and to impersonate them to each other. The research paper (pre-print) is available online and a first set of countermeasures and mitigations has been released on Wednesday, 28 September by the Matrix developers.

Matrix is an open-source project that aims to provide secure, decentralised, real-time communication.While Matrix’ federated nature makes it difficult to assess how widely it is used, several notable organisations and institutions have adopted it or announced plans to do so. For example, both KDE and Mozilla announced plans to switch their internal communications to Matrix in 2019; the Fourth Estate announced its plans to build an encrypted messenger for journalists and news organisations based on Matrix in 2021; the French government announced plans to create their own instant messaging app – Tchap – based on Matrix which was released in 2019; the German ministry of defence launched BwMessenger – for use in internal, official (and classified) communication – based on Matrix in 2020 with a view to move over other parts of the German government; the German healthcare system announced its plans to adopt Matrix in 2021. In March 2021, matrix.org – the most popular Matrix server – announced that there are 28 million global visible accounts. The Element website claims +60M Matrix users.

The attacks work in the setting where encrypted messaging and verification are enabled, i.e. in the presence of the strongest protections offered by the protocol. A caveat worth noting is that if this condition is not satisfied, even for one device or user, then e.g. impersonation becomes trivial. While Element already supports the option of refusing to send messages to unverified devices, an option that is being extended in today's fixes, it does not reject messages from such devices. Thus, unless a client-side option is provided to reject all communication from unverified devices or rooms with such devices within them, Matrix clients will not provide a secure chat environment regardless of cryptographic guarantees provided for verified devices.

Dan Jones, a PhD candidate at Royal Holloway, University of London and the study's main author, commented: "While today's fixes are not complete, these are good first steps towards ensuring that Matrix lives up to its promises of confidentiality and authentication. The longer term plans communicated to us by the Matrix developers should then provide full protection against our attacks. Matrix occupies a unique position within the messaging space, providing an end-to-end encrypted federated messaging platform. We hope our work inspires others to scrutinise its security to ensure that potential further issues are found-and-fixed or ruled out early. Doing so will help to strengthen the platform and ensure its long-term viability."

 

Explore Royal Holloway

Get help paying for your studies at Royal Holloway through a range of scholarships and bursaries.

There are lots of exciting ways to get involved at Royal Holloway. Discover new interests and enjoy existing ones.

Heading to university is exciting. Finding the right place to live will get you off to a good start.

Whether you need support with your health or practical advice on budgeting or finding part-time work, we can help.

Discover more about our academic departments and schools.

Find out why Royal Holloway is in the top 25% of UK universities for research rated ‘world-leading’ or ‘internationally excellent’.

Royal Holloway is a research intensive university and our academics collaborate across disciplines to achieve excellence.

Discover world-class research at Royal Holloway.

Discover more about who we are today, and our vision for the future.

Royal Holloway began as two pioneering colleges for the education of women in the 19th century, and their spirit lives on today.

We’ve played a role in thousands of careers, some of them particularly remarkable.

Find about our decision-making processes and the people who lead and manage Royal Holloway today.