Breaking Bridgefy, again

Adopting libsignal is not enough

We analysed the Bridgefy messaging application and found that your private messages are not safe.

What is Bridgefy?
Bridgefy is a messaging application that uses Bluetooth to transmit messages, so that no Internet is required. Its developers (1, 2, 3, 4, 5, 6, 7) and others (Reuters, Forbes) have advertised it for use in areas witnessing large-scale protests and often violent confrontations between protesters and agents of the state. After a security analysis in August 2020 by Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Mareková reported severe vulnerabilities, the Bridgefy developers adopted the Signal protocol. The Bridgefy developers then continued to advertise their application as being suitable for use by higher-risk users.
Results

In this work, we analyse the revised security architecture of Bridgefy and report severe vulnerabilities:

  1. Bridgefy users can still be tracked.
  2. Broadcast messages remain unauthenticated; an attacker can exploit this to mount impersonation attacks.
  3. The protocol remains susceptible to an attacker in the middle. While such an attack is now limited to the first exchange between a pair of users (i.e., it abuses a “trust on first use” or TOFU assumption), we note that Bridgefy offers users no option to verify the public keys of their contacts.
  4. Any nodes in the network that receive a single carefully crafted message become unable to participate in further network communication.

The headline news, however, is that we have a practical attack, with a proof-of-concept implementation, that breaks the confidentiality of libsignal-protected private messages and succeeds with a probability of about 50%.

Our attack in no way threatens Signal or libsignal but attacks how Bridgefy uses it.

Disclosure
We disclosed these vulnerabilities to Bridgefy on 21 May 2021, and the vulnerability allowing an attacker to read encrypted messages was fixed on 14 August 2021. However, we recommend that users avoid Bridgefy until its developers have committed to regular public security audits by respected third-party auditors.
Paper
You can find more details in our research paper.
Demo
A video demo of the TOCTOU attack can be found here on Twitter.
Exploit Code
The source code for our attacks will be published at a later stage here on GitHub.
Team

We are academic researchers from ETH Zurich and Royal Holloway: