Abstract by Austin Kolander
Performing a Fake Key Attack on Secure Messaging Apps
Secure messaging apps encrypt a message end-to-end so that only the clients can read it. Examples include WhatsApp, Signal, and Facebook Messenger’s secret chat. These apps implicitly trust a centralized server to relay messages and deliver the correct encryption key, making them vulnerable to fake key attacks. We demonstrate how a malicious server can decrypt and read your sensitive messages while using these apps.