Confide, a messaging app that’s raised millions in venture capital and promises “military-grade encryption” to its users, has surged in popularity among D.C. insiders who want to keep their communications secret under the Trump administration. White House staffers have been drawn to Confide by its security features, which include messages that require a reader to run their finger over the text as they read and destruct after reading. But security researchers say Confide isn’t living up to its encryption guarantee.
Fred Raynal and Jean-Baptiste Bédrune of Quarkslab published a proof-of-concept paper and video today that demonstrates how to intercept encrypted Confide messages. “Confide can read user messages,” the Quarkslab duo said.
Confide CEO Jon Brod disputed the claims, saying that the Quarkslab researchers had been “slightly misleading” in their report.
Most encrypted messaging platforms, including Confide, rely on public and private encryption keys to keep messages secret while they’re in transit. A sender jumbles up their message using a recipient’s public key, and the message can only be made legible again with the recipient’s private key. The private key has to stay secret, so it’s stored on the user’s device and never transmitted via the internet. This presents a problem when users want to have their messages sync across their laptop, phone, and desktop because the private key has to remain on one device — so messaging platforms issue unique keys for each device, all tied to the user’s main account. Users should get a notification if new keys are added, so they can tell if someone is eavesdropping on their conversation.
That’s not the case with Confide, according to Quarkslab. Confide doesn’t notify users when a new key is generated for their account, so the company — or someone with access to their infrastructure — could create a new set of keys for a user and decrypt their messages.
It’s a critique other encrypted messaging apps have faced too: Quarkslab raised similar concerns about iMessage in 2013 and other researchers have recently critiqued WhatsApp for requiring users to opt in to receive notifications about key changes, rather than making notifications the default. But iMessage users get notifications when new devices are added to their accounts and WhatsApp lets users choose to be informed about key changes, while Confide users get no notifications at all.
“The end-to-end encryption is so wrongly implemented, Confide can super easily make man-in-the-middle, thus get access to every message or attachment,” Raynal said. He and Bédrune developed a script that enabled them to add a new key to a Confide account and decrypt messages with it.
“They intentionally undermined the security of their own system to bypass several layers of Confide’s protection, including application signatures, code obfuscation, and certificate pinning. The attack that they claim to be demonstrating does not apply to legitimate users of Confide, who are benefiting from multiple security protections that we have put in place. Undermining your own security or taking complete control of a device makes the entire device vulnerable, not just the Confide app,” Brod told TechCrunch. “Like with Apple’s iMessage and other end-to-end encrypted messengers, it is theoretically possible that we could man-in-the-middle attack ourselves. Obviously, we would never do this.”
But Quarkslab’s research seems to stir up the worries about Confide’s security that were raised when its popularity with White House staffers was reported last month. Researcher Jonathan Zdziarski noted in February that Confide did not appear to notify a user when a new keypair was added to their account, and that this could leave users susceptible to a man-in-the-middle attack. “It’s unclear why, but unlike Signal and WhatsApp, which consider it something to alert you about if your public key changes, Confide appears to consider this part of its function,” Zdziarski wrote.
Without a way to verify the keys associated with your account, you just have to trust that Confide is working the way it claims to. But one of the core promises of end-to-end encryption is that you don’t have to trust a company not to eavesdrop on your conversations; you only have to trust one ‘end’ of the conversation (that’s you) and the other ‘end’ (that’s your buddy who you’re communicating with).
“The Confide server can add a key when it returns a user’s profile. The sender of a message will then protect the message key with the recipient real public key and the one added by the server. There is no way to detect this,” Bédrune explained. “The end-to-end encryption mechanism provides a very low protection: the overall security of communications is based on TLS [Transport Layer Security]. Without this layer, the compromise of communications would be trivial. An attacker in the middle man position could inject a public key when sending a user’s profile to the server, and decrypt messages sent on the fly.”
So if you’re a paranoid White House staffer, this means that the government might be able to secretly eavesdrop on you. Confide doesn’t currently publish a transparency report detailing the requests it receives from government agencies for user data, but Brod said it might in the future.
Raynal and Bédrune studied the Windows version of the Confide app, but they say their findings would likely translate to macOS, iOS and Android. They also found ways to subvert Confide’s screenshot protection and message deletion features, but have yet to release details about those findings.
“There are certainly a few ‘cheats’ to the Confide system, the most obvious and simple of which is using a second device to photograph or make a video recording of the screen. The researchers have put forth significant engineering effort to identify engineering cheats to the ephemerality and screenshot protections that we provide,” Brod said.
Quarkslab notified Confide of the issues last Thursday. Confide asked for a 30-day window in which to assess the issues, but Quarkslab is making its findings public now to warn users who might be using the app in the interim. Raynal said the key issues should have been addressed prior to Confide’s launch, rather than patched after the fact.
“They claim military-grade encryption and there is a lot of messaging about that, but it is dangerous for the user to use the application in its current state,” Raynal said. “They are fixing the application, which is good. In the meantime, I think it is dangerous to use.”
“We tried to focus on the technical part and provide strong proof, and then people can make their own decisions,” he added.