Vulnerabilities in Secure Messaging Services: Lessons for Users
Recent news highlights potential threats facing people who trust desktop computers to send encrypted messages. Incidents involving encrypted emails and messages in Signal and Telegram should not discourage anyone from using encryption. Instead, they should encourage more careful use of these apps and services.
Timeline of Events
Last week, information emerged about a critical vulnerability in the PGP and S/MIME email encryption systems. Some of the worst vulnerabilities, found in email clients like Thunderbird and Apple Mail, give attackers who have intercepted previously sent messages a way to read them. By embedding intercepted encrypted text into hidden parts of a new reply sent to the original sender or recipient, a criminal can trick the email client into revealing the original message as unencrypted text. These vulnerabilities in Thunderbird and Apple Mail have not yet been fully fixed, but the issue in Thunderbird was mitigated with an update to the Enigmail GPG plugin.
Another group of researchers discovered a vulnerability in the desktop version of the Signal messenger. This flaw allowed attackers to send messages containing malicious HTML and JavaScript, which would then be executed by the application. Signal’s developers released a security update just hours after being privately notified of the vulnerability. However, they had to issue a new patch after realizing the initial update did not fully resolve the issue (researchers independently confirmed this around the same time).
To demonstrate the seriousness of the flaw, researchers wrote a test exploit that uploaded messages to a server controlled by the attacker. The exploit first pulled code from an Internet-connected SMB drive, then executed it on a Windows computer running the vulnerable version of Signal. Researchers noted that this technique could spread the exploit from one vulnerable machine to another without any user interaction. With the new patch, this vulnerability has been eliminated.
This vulnerability was found just days after another weakness was revealed in desktop Signal, which allowed messages that were supposed to self-delete after a set time to remain on the macOS file system. Signal’s developers fixed this bug as well, following a private report from researchers.
In an official statement, Signal said: “We would like to thank the researchers who contacted us about this issue. Version 1.11.0 addresses the problem and was released on Monday.”
Recently, researchers from Cisco Talos reported the existence of malware infecting thousands of people using desktop Telegram. The malware steals account credentials, text files, and other potentially sensitive data, saving them in accounts accessible to anyone who analyzes the malware’s code. The malicious program is installed by tricking users into running executable files. It was created by the author of several YouTube videos demonstrating how to use the malware, likely in an attempt to sell it to other criminals.
All these vulnerabilities differ in several important ways. The first threat is tied to flaws over 10 years old, present in dozens of email clients and various encryption implementations. The second threat existed in the desktop version of Signal for about a month (mobile versions were never vulnerable). The third does not exploit any Telegram vulnerability at all, since (1) the desktop version does not offer secret chats, and (2) the malware relies on user interaction.
Healthy Paranoia
Nevertheless, all three threats are connected to encrypted messaging platforms trusted by millions of users.
“The real takeaway is that there is no such thing as perfectly secure code,” Craig Williams, senior technical leader at Cisco Talos, told Ars Technica. “There’s no magic, unbreakable OS. Every time you choose something and trust it with your secrets, you’re making a leap of faith. The more people looking for bugs in the code, the more trust you can have. Every time we find things like this, it’s a good thing.”
Knowing that even reliable software can be compromised means users need to raise their awareness of potential risks, rather than blindly relying on encryption. This, in turn, means taking steps to reduce the so-called “attack surface.” For PGP-encrypted email, the most effective approach is to disable encryption integration in email clients and use a separate app for encrypting and decrypting messages. For many, this seems overly burdensome, but it’s exactly what Edward Snowden recommended to Guardian reporter Glenn Greenwald in a 2013 video (starting at 8:15). At a minimum, reducing the “attack surface” for PGP means disabling the loading of images embedded in messages.
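An added example, not part of the original article: a Python check for the situation the image-loading advice guards against, a message that carries PGP or S/MIME ciphertext together with HTML that would fetch remote content when rendered. The names `audit`, `RemoteRefs` and `review`, and the sample message, are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Common MIME types for PGP/MIME and S/MIME ciphertext, plus the inline PGP armor header.
ENC_TYPES = {"multipart/encrypted", "application/pgp-encrypted", "application/pkcs7-mime"}
ARMOR = b"-----BEGIN PGP MESSAGE-----"

class RemoteRefs(HTMLParser):
    """Collect URLs an HTML renderer would fetch without any click."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in ("src", "background", "poster") or (tag == "link" and name == "href")
            if auto and value and value.lower().startswith(("http://", "https://", "//")):
                self.urls.append(value)

def audit(raw: bytes) -> dict:
    """Flag a message that carries ciphertext together with auto-loading HTML."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    encrypted, urls = False, []
    for part in msg.walk():
        ctype = part.get_content_type()
        body = b"" if part.is_multipart() else (part.get_payload(decode=True) or b"")
        encrypted = encrypted or ctype in ENC_TYPES or ARMOR in body
        if ctype == "text/html":
            parser = RemoteRefs()
            parser.feed(part.get_content())
            urls.extend(parser.urls)
    return {"encrypted": encrypted, "remote_refs": urls, "review": encrypted and bool(urls)}

# Constructed sample: an HTML part with a remote image next to an S/MIME part.
MIXED = b"""\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>hello</p><img src="http://collector.example/p.png">
--B
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Transfer-Encoding: base64

AAAA
--B--
"""
print(audit(MIXED))
```

A message flagged with `review` is not proof of an attack; it marks mail that should be opened only with remote content disabled or decrypted in a separate application.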
When it comes to threats to Signal and Telegram users, it’s harder to find effective solutions. One possible takeaway is that it’s probably safer to run these apps on mobile devices, since app sandboxing there limits their access to system resources compared to desktop versions. True paranoids should avoid the convenience of desktop versions altogether or, at the very least, make it a habit to promptly and manually delete the most sensitive messages from hard drives. And remember: no form of encryption can protect you if one of the endpoints is compromised.
No, none of these suggestions for protecting encrypted messages offer any guarantees—and that’s the most important lesson from recent events.