Paper 2021/214
Mesh Messaging in Large-scale Protests: Breaking Bridgefy
Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Mareková
Abstract
Mesh messaging applications allow users in relative proximity to communicate without the Internet. The most viable offering in this space, Bridgefy, has recently seen increased uptake in areas experiencing large-scale protests (Hong Kong, India, Iran, US, Zimbabwe, Belarus), suggesting its use in these protests. It is also being promoted as a communication tool for use in such situations by its developers and others. In this work, we report on a security analysis of Bridgefy. Our results show that Bridgefy, as analysed, permitted its users to be tracked, offered no authenticity, no effective confidentiality protections and lacked resilience against adversarially crafted messages. We verified these vulnerabilities by demonstrating a series of practical attacks on Bridgefy. Thus, if protesters relied on Bridgefy, an adversary could produce social graphs about them, read their messages, impersonate anyone to anyone and shut down the entire network with a single maliciously crafted message.
Metadata
- Category
- Applications
- Publication info
- Published elsewhere. CT-RSA 2021
- DOI
- 10.1007/978-3-030-75539-3_16
- Keywords
- mesh messaging, security analysis
- Contact author(s)
- lenka marekova 2018 @ live rhul ac uk
- martin albrecht @ rhul ac uk
- jorge blascoalis @ rhul ac uk
- rikke jensen @ rhul ac uk
- History
- 2021-05-21: revised
- 2021-03-02: received
- Short URL
- https://ia.cr/2021/214
- License
- CC BY
BibTeX
@misc{cryptoeprint:2021/214,
  author = {Martin R. Albrecht and Jorge Blasco and Rikke Bjerg Jensen and Lenka Mareková},
  title = {Mesh Messaging in Large-scale Protests: Breaking Bridgefy},
  howpublished = {Cryptology {ePrint} Archive, Paper 2021/214},
  year = {2021},
  doi = {10.1007/978-3-030-75539-3_16},
  url = {https://eprint.iacr.org/2021/214}
}