back to article Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers

An instant messaging app whose creators promoted it as secure and end-to-end encrypted was in fact no such thing, according to researchers at Royal Holloway. The University of London college found, according to a paper it published yesterday, that the app "permits its users to be tracked, offers no authenticity, no effective …

  1. Zippy´s Sausage Factory
    Black Helicopters


    "Bridgefy was promoting itself earlier this year as the app of choice for protesters in Hong Kong and India to organise their activities without being easily spied upon by law enforcement agencies."

    If it's that easy to break into it, you have to wonder whether it was actually written with that level of snooping in mind.

    Now if you'll excuse me, I'm off to polish my collection of tinfoil hats. Can't let them get too dull, you know, it impairs their efficiency...

  2. jorgeribs

    Hi everyone, I'm Jorge, founder at Bridgefy.

    We're acutely aware of this conversation, and know that we must prioritize the safety of our user base. All of the issues reported on this article are already being fixed, and we should have updates published in the next few weeks.

    Here's our blog post:

    As always, we're available to keep the conversation going; please refer to the email address included in the blog post.


    1. BillG

      Barn Doors and Horses

      Just because an app says it's secure doesn't mean it is. In my experience if it isn't secure from the beginning, it can never be trusted again.

    2. DavCrav

      You actually said:

      "We realized that Bridgefy's security model was appropriate for a small startup,"

      No it wasn't, of course. Unless Bridgefy was originally designed as a hideously insecure mess, in which case, yeah sure. A secure messging system should be secure regardless of how many people use it.

    3. Claptrap314 Silver badge

      "Appropriate for a startup"

      1) Tin-can security is not appropriate for ANY business application.

      2) Claiming to be secure while failing to implement some of the most basic security measures is fraud. Whether the legal system catches up to it or not, you are now tainted.

    4. Anonymous Coward
      Anonymous Coward

      Here's your web server:

    5. David Austin

      You promoted your app as being "secure", which caused the (Admittedly unintended) side effect of protesters - a group that have a lot to lose up to and including their freedom if you get security and privacy wrong - misplacing their trust in you.

      You were told about these defects in April, didn't publicly address them until August, and won't have a baseline secure version that includes such revolutions as "All payloads will be encrypted" ready until September

      What you have done is borderline irresponsible.

    6. Anonymous Coward
      Anonymous Coward

      I respect your bravery for posting here.

    7. A random security guy Bronze badge

      You do realize that you prevaricated?

    8. c1ue

      Nice: a "secure" app which clearly has put zero thought into security.

      plaintext sender and receiver addresses?

      The crypto sigs is a bit more understandable - running those packages on low end cell phones is trickier than an iPhone only crowd.

      Nonetheless, the pattern seems much more Zoom than Signal.

    9. Flywheel Silver badge

      we must prioritize the safety of our user base

      You're potentially dealing with peoples' lives in hostile environments run by potentially unethical governments - did no-one think of this during the project specification?!

  3. Blackjack Silver badge


    Ever heard of Signal?

    1. E_Nigma

      Re: So...

      The trick with this app is that it makes a mesh over bluetooth that it uses to pass the messages and thus the traffic does not go through the telecom operator and keeps working when mobile signal is suspended in an area. It would be neat if it weren't as insecure.

      1. Bronze badge

        Re: So...

        Thing is, the product they're trying to peddle already exists:

        Briar is designed to work over Bluetooth, Wi-Fi access points (no Internet connection required), and TOR.

        (Supposedly it is also end-to-end encrypted, but I do not know if it has been audited for that functionality.)

  4. E_Nigma

    Party Like It's 1993!

    From what I've read on the mater, Bridgefy was originally meant as an app for communicating or passing emergency information in places and situations where mobile coverage and internet were scarce. With that purpose of a "text-based walkie-talkie" in mind, perhaps it didn't have to be super secure and anonymous. However, when it started being used in situations where the communication and users were expected to be cybersecurity targets, it's rudimentary and flawed communication encryption became woefully inadequate.

    "Fun" fact: according to ArsTechnica, the encoding method utilized by the app was introduced in 1993 and deprecated in 1998! How on Earth?!?!?! How does a modern app end up using something that was deprecated over 20 years ago?!

    1. Anonymous Coward
      Anonymous Coward

      Re: Party Like It's 1993!

      "the encoding method utilized (PKCS#1) by the app was introduced in 1993 and deprecated in 1998"

      As an explanation rather than an excuse, this likely a combination of library defaults (it looks like the MessagePack serializer defaults to PKCS#1) and compatibility (based on experience supporting BYOD deployments in HK/India, supporting older mobile OS's was likely considered a high priority). While it can be decrypted (via Bleichenbacher’s attack), its still requires a significant number of messages to be sent (~1 million) before that is possible.

      The reality is that this isn't even the key issue as message decryption is only an issue if you aren't already in the groups - anonymizing user information (my assumption is device information is mandatory for BLE comms) by authenticating to groups and using group key rotation would likely be sufficient to make decryption difficult in real-time/near real-time and prevent users being identified directly other than by their device identifier.

      Which then leads to the device identifier showing you were present unless you use disposable phones or utils to alter the Bluetooth MAC - which is likely to be practical for organisers at least.

  5. David Roberts

    Ah, the good old

    Compressed data message bomb.

    I can recall that being used to destroy early anti virus scanners.

    That was a LONG time ago, though.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022