1. 14

  2. 9

    I can’t find much about this company online, besides the fact that the product was entirely closed-source. As expectable, security through obscurity failed again.

    1. 4

      Please don’t jump to conclusions, especially not when you say explicitly that you lack information.

    2. 2

      Very troubling that a chat app that Edward Snowden said he used was proven to be flawed in this way.

      1. 18

        The article said it wasn’t clear if the Snowden quote was real. I would be surprised. Snowden has endorsed Signal, I don’t remember him endorsing this.

        1. 4

          You’re absolutely right, on a second read it’s clear that Ars Technica’s claim is that the company selling IronChat was the one that said Snowden used their product, and that Ars Technica couldn’t verify the authenticity of that claim. I jumped the gun on reading the first paragraph.

      2. 1

        Well, here’s the thing. They got control of the servers. If they modified the app to disable end-to-end and were able to then intercept, then they are wrong in the assumption that:

        “they would be able to read only messages sent after the update was installed. Earlier messages would remain unreadable.”

        Just modify the app to send over the secret keys as well? There are a dozen different ways they could have done this really.

        I honestly don’t believe they broke any encryption here. They broke an app.