Paper 2021/214

Mesh Messaging in Large-scale Protests: Breaking Bridgefy

Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Mareková


Mesh messaging applications allow users in relative proximity to communicate without the Internet. The most viable offering in this space, Bridgefy, has recently seen increased uptake in areas experiencing large-scale protests (Hong Kong, India, Iran, US, Zimbabwe, Belarus), suggesting its use in these protests. It is also being promoted as a communication tool for use in such situations by its developers and others. In this work, we report on a security analysis of Bridgefy. Our results show that Bridgefy, as analysed, permitted its users to be tracked, offered no authenticity, no effective confidentiality protections and lacked resilience against adversarially crafted messages. We verified these vulnerabilities by demonstrating a series of practical attacks on Bridgefy. Thus, if protesters relied on Bridgefy, an adversary could produce social graphs about them, read their messages, impersonate anyone to anyone and shut down the entire network with a single maliciously crafted message.

Available format(s)
Publication info
Published elsewhere. CT-RSA 2021
mesh messagingsecurity analysis
Contact author(s)
lenka marekova 2018 @ live rhul ac uk
martin albrecht @ rhul ac uk
jorge blascoalis @ rhul ac uk
rikke jensen @ rhul ac uk
2021-05-21: revised
2021-03-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Martin R.  Albrecht and Jorge Blasco and Rikke Bjerg Jensen and Lenka Mareková},
      title = {Mesh Messaging in Large-scale Protests: Breaking Bridgefy},
      howpublished = {Cryptology ePrint Archive, Paper 2021/214},
      year = {2021},
      doi = {10.1007/978-3-030-75539-3_16},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.