Abstract

End-to-end encryption (E2EE) is a methodology used to protect in-transit data from eavesdroppers, third parties, and server leaks. In recent years, the volume of online communications has risen astronomically, accompanied by the widespread adoption of E2EE in IoT, email, and messaging applications. This project focuses on a consumer-facing instant messaging application that provides E2EE for messages, calls, and media file transmission. The application is currently free, has around 500 million users, and uses the Signal protocol for encryption. To provide context, key terms are defined, and the underlying schema of the application is explained based on publicly available knowledge. Threat modeling frameworks are used to identify vulnerabilities in the application and its ecosystem. Following this, relevant attacks that exploit these vulnerabilities were executed and their outcomes recorded. One of the attacks successfully subverted the application’s security and accessed confidential user data such as documents, media files, audio memos, and more. The attack has been reproduced on different systems, and the key findings have been reported to the appropriate authorities. In light of the increasing concerns about user privacy and data protection, this research comes at a suitable time and adds value to the space of E2EE security.
