Arthur BesseA to Matrix · 2 years agoE2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element or another client which uses those libraries, upgrade ASAPmatrix.orgexternal-linkmessage-square10fedilinkarrow-up123arrow-down10
arrow-up123arrow-down1external-linkE2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2: if you use Element or another client which uses those libraries, upgrade ASAPmatrix.orgArthur BesseA to Matrix · 2 years agomessage-square10fedilink
minus-squarepoVoq@slrpnk.netlinkfedilinkarrow-up3·edit-22 years agoAFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
minus-squarej@mastodon@mastodon.sociallinkfedilinkarrow-up1·2 years ago@poVoq @sexy_peach Isn’t matrix also based on session keys? I think the issue is more about how keys are shared between devices, and access to previous messages granted?
minus-squarepoVoq@slrpnk.netlinkfedilinkarrow-up3·2 years agoI am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.
AFAIK they don’t exist because OMEMO keys are device and not account specific, so this entire class of attack surface does not exist.
@poVoq @sexy_peach
Isn’t matrix also based on session keys?
I think the issue is more about how keys are shared between devices, and access to previous messages granted?
I am not an expert on the topic, but yes the key sharing seems to be the ultimate source of these issues.