WeChat devs introduced security flaws when they modded TLS, say researchers

No attacks possible, but enough issues to cause concern


Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses, researchers claim.

WeChat uses MMTLS, a cryptographic protocol heavily based on TLS 1.3. The devs essentially tweaked standard TLS, but that left the app with an encryption implementation that "is inconsistent with the level of cryptography you would expect in an app used by a billion users, such as its use of deterministic IVs and lack of forward secrecy."

That's according to the University of Toronto's Citizen Lab, which carried out a comprehensive review of MMTLS's network security.

Citizen Lab identified MMTLS in previous work, but a more thorough analysis revealed that it offers two layers of encryption instead of one as first thought. Plaintext content is wrapped in what's referred to as "business-layer encryption," and the resulting ciphertext is then wrapped in MMTLS encryption. The ciphertext from that outer layer is what would be sent over the WeChat network.

Researchers found that most of the cryptographic security issues were in WeChat's AES-CBC-based business-layer encryption, which until the introduction of MMTLS in 2016 was the sole layer of encryption for network requests.
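
The deterministic-IV concern quoted above, shown for CBC mode (the mode the business layer uses) as an added example; this is not WeChat's or Citizen Lab's code and does not reproduce WeChat's IV handling. A toy HMAC-based Feistel cipher stands in for AES so the block runs on the Python standard library alone, and the function names and sample requests are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, the same block size as AES

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel permutation keyed with HMAC-SHA256: a stand-in for AES
    # so the example needs only the standard library. Not for real use.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK  # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for off in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = toy_encrypt_block(key, mixed)
        out += prev
    return out

def equal_leading_blocks(c1: bytes, c2: bytes) -> int:
    # Computable by anyone who sees both ciphertexts; no key required.
    n = 0
    for off in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[off:off + BLOCK] != c2[off:off + BLOCK]:
            break
        n += 1
    return n

def deterministic_iv(key: bytes) -> bytes:
    return hashlib.sha256(b"iv" + key).digest()[:BLOCK]  # same IV every time

def random_iv(key: bytes) -> bytes:
    return os.urandom(BLOCK)  # fresh, unpredictable IV per message

def leaked_blocks(iv_source) -> int:
    key = os.urandom(32)
    # Constructed sample requests sharing a 32-byte (two-block) prefix.
    prefix = b"POST /constructed/send?to=alice".ljust(32, b"_")
    c1 = cbc_encrypt(key, iv_source(key), prefix + b"hello")
    c2 = cbc_encrypt(key, iv_source(key), prefix + b"goodbye")
    return equal_leading_blocks(c1, c2)
```

With a repeated IV, two requests that begin with the same bytes produce identical leading ciphertext blocks (`leaked_blocks(deterministic_iv)` returns 2), so an observer learns that the plaintexts share a prefix. A fresh random IV per message removes that signal (`leaked_blocks(random_iv)` returns 0).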

In fact, the only reason researchers weren't able to successfully attack WeChat this time around is that the business-layer encryption is now enveloped in MMTLS. Before, various types of attacks were possible, such as a padding oracle attack, and just last year Citizen Lab claimed it found that a different cryptography scheme developed by a Tencent company was still vulnerable to an attack of this type.

The most serious issue the researchers found, however, was that the business-layer encryption doesn't encrypt metadata such as user IDs and request URIs, leaking them in plain text. 

"It could be the case, for instance, that after MMTLS is terminated at the front WeChat servers (handles MMTLS decryption), the inner WeChat request that is forwarded to the corresponding internal WeChat server is not re-encrypted, and therefore solely encrypted using business-layer encryption," said Citizen Lab. 

"A network eavesdropper, or network tap, placed within WeChat's intranet could then attack the business-layer encryption on these forwarded requests. However, this scenario is purely conjectural. Tencent's response to our disclosure is concerned with issues in business-layer encryption and implies they are slowly migrating from the more problematic AES-CBC to AES-GCM, so Tencent is also concerned with this."

Ultimately, thanks to the wrapping of ciphertext in MMTLS, there are no vulnerabilities in WeChat's encryption protocol that could lead to any known attacks today. However, the issues described as "minor" ones by the researchers aren't present in the standard, unmodified version of TLS.

Messages sent using WeChat, to the researchers' understanding, are safe from eavesdroppers. However, Tencent would still have to comply with any data requests from the CCP given local laws, and WeChat communications aren't end-to-end encrypted: the app's servers decrypt and read every message, Citizen Lab said.

The researchers may have stumbled on other findings if they had access to the version that's actually used in China. However, given the difficulty in accessing Chinese phone numbers due to government requirements linking them to national IDs, they had to use non-Chinese numbers, which makes the app behave differently.

A trend unique to China

Only in China is it common for developers to go against the grain and whip up their own cryptography system, the researchers said, and generally none of these are as effective as the standard TLS 1.3 or QUIC implementations.

Citizen Lab spotted the same practices across various apps in recent years and, despite previous concerns over the TLS certificate authority system, the standard implementations are usually the best options from a security perspective. The researchers described it as "a growing, concerning trend unique to the Chinese security landscape."

Similarly, developers in China are also known to implement custom domain lookup systems to mitigate the pervasive actions of shady ISPs, which often engage in DNS hijacking to display ads or redirect web traffic for ad fraud. It's a longstanding, widespread issue that's been challenged by large internet companies, but it remains a problem nonetheless.

Much of WeChat's code, for example, is taken straight from Tencent Mars – an open source infrastructure component that provides apps with common fundamental functionality such as networking and logging.

Mars has a feature called NewDNS – an example of this bespoke domain lookup system present in WeChat.

The researchers believe Mars is highly prevalent in apps outside of WeChat, which the infoseccers said was a problem given that the component doesn't provide any transport encryption. MMTLS is not part of the open-source Mars component; it's bespoke to WeChat.

Combining this with the lack of formal documentation guiding developers on Mars' implementation – many rely on community wisdom on platforms like GitHub – means mistakes are more likely to occur, leading to potentially weaker security.

Citizen Lab said it suggested to Tencent that it adopt the standard TLS or a combination of QUIC and TLS for better app security. ®
