
Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol


This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS; however, some of the modifications have introduced cryptographic weaknesses.

Although we were unable to develop an attack to completely defeat WeChat’s encryption, the implementation is inconsistent with the level of cryptography you would expect in an app used by a billion users, such as its use of deterministic IVs and lack of forward secrecy. These findings contribute to a larger body of work that suggests that apps in the Chinese ecosystem fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems. As we mentioned in our prior work studying proprietary cryptography in Chinese IME keyboards, OS developers could consider device permission models that surface whether applications use lower-level system calls for network access.
