Using messaging service, Bridgefy, could have dire consequences for users if privacy protection issues aren’t fixed

Date: 25 August 2020

Researchers at Royal Holloway have found serious vulnerabilities in the messaging app Bridgefy, which could have significant consequences for its users.

The messaging app has been advertised for use by people across the world during large-scale protests when normal forms of communication are down, for example due to a government-mandated internet shutdown. The developers of the app reported increased uptake from several sites of protest such as Hong Kong, India, Iran, Lebanon, Zimbabwe, and the US.

The academics from the Information Security Group (ISG) at Royal Holloway found that Bridgefy did not design and implement their application with security in mind and have proposed that Bridgefy should make use of an established cryptographic library.

The main flaws found by the researchers in the ISG, Lenka Mareková, Jorge Blasco, Rikke Bjerg Jensen and Martin R. Albrecht, were that Bridgefy did not implement some necessary cryptographic protections and some cryptographic protections were implemented incorrectly.

They also found that the protocol wasn’t designed in a way to minimise information leaking, and its robustness against maliciously crafted messages was weak.

The key feature of Bridgefy is that it exchanges data using Bluetooth when an internet connection is not available. The application can send the following kinds of messages:

  • one-to-one messages between two parties
      • sent over the internet if both parties are online
      • sent directly via Bluetooth if the parties are in physical range, or
      • sent over the Bluetooth mesh network, and
  • Bluetooth broadcast messages that anyone can read in a special “Broadcast mode” room.

Professor Martin Albrecht, from ISG at Royal Holloway, said: “We disclosed the vulnerabilities we found to Bridgefy developers in April this year. They confirmed these vulnerabilities soon after. Following up, the Bridgefy team began to inform their users that they should not expect confidentiality guarantees from the current version of the application.

“In June, they told us they are implementing a switch to the Signal protocol. This would provide cryptographic assurances and would fix many, but not all of the issues we found.”

This research is part of a larger interdisciplinary project between social scientists, systems security researchers and cryptographers on information security needs and requirements in protests. It showcases the integration of different disciplines studying information security as a key feature of the Information Security Group and its Centre for Doctoral Training in Cyber Security for the Everyday.
