As highlighted by recent news stories and social media posts, the desktop apps of some messaging services are affected by a long-standing security issue. We’ve been asked whether Threema’s desktop client also suffers from this or any similar flaw. The short answer: no. Threema users don’t need to take any precautions and can continue to use the desktop app. The longer, more explanatory answer:
Security Doesn’t End with End-to-End Encryption
When it comes to the security of messaging services, end-to-end encryption is by far the most important factor. It is, however, not the only one. The overall security is also dependent on the implementation of various individual features. In particular, the desktop client plays a crucial role in terms of security.
In contrast to mobile operating systems, where apps are “sandboxed,” not all desktop OSes provide – let alone enforce – this security mechanism. Simply put, sandboxing ensures that app data can only be accessed by the app the data belongs to, not by any other app. On Android and iOS, for example, WhatsApp cannot access Threema data out of the box (and vice versa).
The Issue
When Microsoft recently presented Recall, security experts were alarmed. This AI-powered software for Windows is meant to create screenshots of (almost) any user activity, analyze them, and locally store the results for later reference. One of the main concerns was that a simple piece of malware running under the user’s account could exfiltrate the potentially highly sensitive data Recall accumulates.
As highlighted by news stories and social media posts, the desktop clients of some messaging services are susceptible to the same attack vector. Affected are services whose desktop apps either do not encrypt user data in the first place or store the decryption key in plaintext right next to the encrypted data. Under these conditions, anyone with read access to the file system (which includes any process running under the user’s account, no administrator rights required) can get hold of all user content (messages, images, etc.), and malware could copy the whole content (including the decryption key) to the adversary’s remote location.
Why Threema for Desktop Isn’t Affected
In version 1 of Threema’s desktop app, no message content is ever saved on disk; the only persistent data is the session key material, which is encrypted with a key derived from the user password. Therefore, even if a threat actor manages to gain access to the file system, they have no way to access any of the target’s Threema content: there are no messages to read, and the stored key material is useless without the password.
Version 2 of Threema’s desktop app is based on a completely new architecture. It offers multi-device support and is currently available as beta for users of the iOS mobile app.
In this new version, all content saved on disk (e.g., messages, files/media, contacts, key material, file names, etc.) is encrypted with a key that’s derived from the user password. This is a password the user must provide for each session and which isn’t stored in plaintext anywhere. (In the future, we will also provide an option to store the user password by means of Apple’s Keychain or similar mechanisms on other operating systems.) Therefore, even if an adversary manages to gain access to the file system, they still have no way to access any of the target’s Threema content because it’s encrypted with a password only known to the user.
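To make the difference between the two on-disk layouts concrete, here is an added example in Python. It is not Threema code and does not reproduce Threema’s file format or cipher (those are described in the Cryptography Whitepaper); it uses scrypt from the standard library as the password KDF and a small HMAC-SHA256 encrypt-then-MAC construction as a stand-in for a real authenticated cipher. The file names (`db.enc`, `config.json`, `kdf.json`) and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# --- minimal encrypt-then-MAC scheme (illustration only; a real client uses an AEAD) ---

def _subkeys(master: bytes):
    """Derive independent encryption and MAC keys from one 32-byte master key."""
    enc = hmac.new(master, b"encryption", hashlib.sha256).digest()
    mac = hmac.new(master, b"authentication", hashlib.sha256).digest()
    return enc, mac

def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (encrypts and decrypts)."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)

def encrypt(master: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(master)
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(master: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(master)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered data")
    return _keystream_xor(enc_key, nonce, ct)

# --- the two on-disk layouts contrasted in the post (file names are hypothetical) ---

KDF_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}  # scrypt cost; raise for production use

def derive_key(password: str, salt: bytes, params=KDF_PARAMS) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, dklen=32, **params)

def weak_layout(messages: list) -> dict:
    """Pattern the post criticises: database key stored in plaintext beside the database."""
    key = secrets.token_bytes(32)
    return {
        "db.enc": encrypt(key, json.dumps(messages).encode()),
        "config.json": json.dumps({"key": key.hex()}).encode(),
    }

def hardened_layout(password: str, messages: list) -> dict:
    """Key derived from the user password; only the salt and KDF parameters touch disk."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt)
    return {
        "db.enc": encrypt(key, json.dumps(messages).encode()),
        "kdf.json": json.dumps({"salt": salt.hex(), **KDF_PARAMS}).encode(),
    }

def stored_key(files: dict) -> bytes:
    """Read the plaintext key from the weak layout's config file."""
    return bytes.fromhex(json.loads(files["config.json"])["key"])

def key_from_kdf_file(files: dict, password: str) -> bytes:
    """Re-derive the key from the hardened layout's salt/parameters and the password."""
    meta = json.loads(files["kdf.json"])
    return derive_key(password, bytes.fromhex(meta["salt"]),
                      {k: meta[k] for k in ("n", "r", "p")})

def user_opens(files: dict, password: str) -> list:
    """What the legitimate client does at session start: derive key, then decrypt."""
    return json.loads(decrypt(key_from_kdf_file(files, password), files["db.enc"]))

def attacker_recovers(files: dict):
    """Malware that copies every file under the profile directory but has no password."""
    if "config.json" in files:  # key lying next to the data: decrypt immediately
        return json.loads(decrypt(stored_key(files), files["db.enc"]))
    return None  # only salt and cost parameters on disk; nothing to decrypt with

def key_appears_on_disk(files: dict, key: bytes) -> bool:
    """Practitioner check: does the raw key or its hex form show up in any stored file?"""
    needles = (key, key.hex().encode())
    return any(n in content for content in files.values() for n in needles)

if __name__ == "__main__":
    msgs = [{"from": "alice", "text": "meet at 10"}, {"from": "bob", "text": "ok"}]
    print("weak layout, attacker gets:", attacker_recovers(weak_layout(msgs)))
    hard = hardened_layout("correct horse battery staple", msgs)
    print("hardened layout, attacker gets:", attacker_recovers(hard))
    print("hardened layout, user gets:", user_opens(hard, "correct horse battery staple"))
```

With the hardened layout an attacker who copies the whole directory is left with a salt, the cost parameters and ciphertext, and must brute-force the password; a strong password plus a memory-hard KDF makes that impractical, while a weak password remains the residual risk. Storing the password in an OS keystore, as the post mentions for the future, shifts that protection to the keystore’s own access control rather than to files readable by any process.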
To learn more about Threema’s security, please refer to our Security page or, if you’re technically inclined, consult the Cryptography Whitepaper.