A critical vulnerability in certain Matrix clients could allow an attacker access to encrypted messages.
Users of the open source, decentralized communications platform are urged to update their systems after a serious implementation bug was found in its end-to-end encryption.
The issue, tracked as CVE-2021-40823 and CVE-2021-40824, is due to a logic error in the room key sharing functionality of Matrix.
It allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
This means that an attacker can decrypt end-to-end encrypted messages sent by vulnerable clients.
The vulnerability affects multiple Matrix clients and libraries including Element (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat. Element on iOS is not affected.
Implementation issues
In an advisory, the platform’s parent company, Element, said that the vulnerability was discovered during a routine audit by one of its researchers.
It reads: “Exploiting this vulnerability to read encrypted messages requires gaining control over the recipient’s account. This requires either compromising their credentials directly or compromising their homeserver.
“Thus, the greatest risk is to users who are in encrypted rooms containing malicious servers. Admins of malicious servers could attempt to impersonate their users’ devices in order to spy on messages sent by vulnerable clients in that room.”
Element stressed that the issue is not due to a flaw in the Matrix or Olm/Megolm protocols, nor the libolm implementation, but in certain Matrix clients and SDKs which support end-to-encryption.
Users are urged to update to the latest versions immediately. A list of affected software can be found in the release.
The company said it apologizes “sincerely” for any inconvenience caused.