TextSecure, an Android app developed by Open WhisperSystems, is completely open-source and claims to support end-to-end encryption of text messages. The app is free and designed by keeping privacy in mind.
However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack.
After Edward Snowden revealed state surveillance programs conducted by the National Security Agency, and meanwhile when Facebook acquired WhatsApp, TextSecure came into limelight and became one of the best alternatives for users who want a secure communication.
"Since Facebook bought WhatsApp, instant messaging apps with security guarantees became more and more popular," the team wrote in the paper titled, "How Secure is TextSecure?".
The messaging app attracted a lot of attention lately and was downloaded by half a million users from the Google's Play Store. The research team explained a complete and precise document and analyze of TextSecure's secure push messaging protocol.
"We are the first to completely and precisely document and analyses TextSecure's secure push messaging protocol," the team wrote.
"We show that if long-term public keys are authentic, so are the message keys, and that the encryption block of TextSecure is actually one-time stateful authenticated encryption [and] prove TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality."
According to the research team, TextSecure works on a complex cryptographic protocol which is the part of the CyanogenMod Android operating system — a popular open source aftermarket Android firmware that has been installed on about 10 million Android devices. But researchers discovered an Unknown Key-Share Attack (UKS) against the protocol.
The research was conducted by Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jorg Schwenk and Thorsten Holz. For better understanding the UKS against the protocol, the team explained it via an example as follows:
"Bart wants to trick his friend Milhouse. Bart knows that Milhouse will invite him to his birthday party using TextSecure. He starts the attack by replacing his own public key with Nelson's public key and lets Milhouse verify the fingerprint of his new public key. This can be justified, for instance, by claiming to have a new device and having simply re-registered ... if Milhouse invites Bart to his birthday party, then Bart may just forward this message to Nelson who will believe that this message was actually sent from Milhouse. Thus, Milhouse believes that he invited Bart to his birthday party, where in fact, he invited Nelson."
The researchers also provided a mitigation strategy, which has already been acknowledged by TextSecure's developers, that prevents the UKS attack. The proposed method actually resolves the issue, making TextSecure's push messaging secure and achieves one-time stateful authenticated encryption.