Detail

Publication date: 29 March 2023

Practically-exploitable Cryptographic Vulnerabilities in Matrix

In this talk, we will talk about several practically-exploitable cryptographic vulnerabilities that we found in the Matrix standard for federated realtime communication and its flagship client and prototype implementation, Element. These, together, invalidate the confidentiality and authentication guarantees claimed by Matrix against a malicious server. This is despite Matrix’ cryptographic routines being constructed from well-known and studied cryptographic building blocks. The vulnerabilities we exploit differ in their nature (insecure by design, protocol confusion, lack of domain separation, implementation bugs) and are distributed broadly across the different subprotocols and libraries that make up the cryptographic core of Matrix. These vulnerabilities highlight the need for a systematic and formal analysis of the cryptography in the Matrix standard, which we will discuss a bit during the talk.

Presenter

Sofía Celi (Brave Software, Inc.)

URL https://videoconf-colibri.zoom.us/j/92950889155?pwd=YXN6MFNwaDVxbGh4RHQ5d3N0VWhLUT09
Location DI Seminars Room and Zoom
Date 03/05/2023 2:00 pm