Hi guys,

A supposedly secure messaging app called Threema, used by millions of people, including the Swiss government and the Swiss Army has been found to have substantial security holes. In a recent security audit by ETH Zürich researchers, seven vulnerabilities were found in Threema’s homegrown cryptographic protocols. The vulnerabilities, if exploited, would allow remote attackers to do the following:

  • Clone accounts
  • Read encrypted messages
  • Steal private keys
  • Steal contacts

These findings are unforgivable considering that the Switzerland-based app describes itself as a more secure alternative to WhatsApp, Signal and Telegram. It is even used by high-profile people such as the German Chancellor Olaf Scholz.

If you continue using this app for secure communications, please ensure you are running the latest versions. The team behind Threema claim that they have fixed all of the issues exposed during the research, and the app is now fully secure. To run the most secure app version, make sure you update.

Please never assume that an application is completely secure. Nearly every system has a flaw, and you can never be sure when dealing with homegrown cryptographic protocols.

Do you know in October 2022, I wrote about how matrix encryption had a problem and needed to be updated urgently? You can read the article here, but what it demonstrates and what this story demonstrates is that you cannot trust anything when it comes to secure communications.

All the best,

Max Roberts,
Incognito Privacy Care Team.