Critical Cryptocat group chat bug fixed
A critical security vulnerability in Cryptocat versions older than 2.0.42 has been patched and developers are urging users to update to the latest available version of the encrypted online chatting app.
According to their Thursday blog post, the vulnerability was discovered by a volunteer named Steve Thomas a few weeks ago, and allowed any conversations had over Cryptocat’s group chat function between versions 2.0 and 2.0.42 to be easily cracked via a brute force attack.
“Private chats are not affected: Private queries (1-on-1) are handled over the OTR protocol, and are therefore completely unaffected by this bug. Their security was not weakened,” they also made sure to note.
“Our SSL keys are safe: For some reason, there are rumors that our SSL keys were compromised. To the best of our knowledge, this is not the case. All Cryptocat data still passed over SSL, and that offers a small layer of protection that may help with this issue. Of course, it does not in any way save from the fact that due to our blunder, seven months of conversations were easier to crack,” they explained, and apologized for making the mistake.
The announcement was apparently a reaction to Steve Thomas’ own blog post in which he urged users who used Cryptocat from October 17th, 2011 to June 15th, 2013 to assume their messages were compromised.
“There was a bug in the generation of ECC private keys that went unchecked for 347 days,” he wrote, saying that the flaw made the ECC private keys “ridiculously small” and, therefore, easily crackable.
To prove his point, he created Decryptocat, a tool that at cracks those keys in Cryptocat versions 1.1.147 through 2.0.41.
Despite helping the project, Thomas obviously does not have a high opinion of Cryptocat’s developers.
“Cryptocat is run by people that don’t know crypto, make stupid mistakes, and not enough eyes are looking at their code to find the bugs,” he says. “Cryptocat tried BPKDF2, RSA, Diffie-Hellman, and ECC and managed to mess them all up because they used iterations or key sizes less than the minimums [sic].”
He advises users not to use Cryptocat as “there’s no telling how long it will be until they break their public key encryption.”