232:, published a paper describing how Bridgefy's usage of the Signal Protocol was incorrect, failing to remedy the previously discovered issues. The researchers performed a demonstration, showing that it was possible for users to intercept messages intended for others without the sender noticing. The researchers disclosed the vulnerabilities to the developers of Bridgefy in August 2021, but, according to the researchers, the developers had yet to resolve the issues as of June 2022.
22:
81:
225:. The Signal Protocol was integrated into the Bridgefy app and SDK by late October 2020, with the developers claiming to have included improvements such as the impossibility of a third person impersonating any other user, man-in-the-middle attacks done by modifying stored keys, and historical proximity tracking, among others.
171:, is licensed to other apps. The app gained popularity during protests in different countries since it can operate without Internet, using Bluetooth instead. Aware of the security issues of not using cryptography and the criticism surrounding it, Bridgefy announced in late October 2020 that they adopted the
251:
and overall security review of the
Bridgefy app in collaboration with the platform's developers. Their review, which began in November 2022 and concluded in May 2023, identified multiple critical vulnerabilities throughout the application. Many of the issues were fixed, or partially fixed, before the
204:
In August 2020, researchers published a paper describing numerous attacks against the application, which allow de-anonymizing users, building social graphs of users’ interactions (both in real time and after the fact), decrypting and reading direct messages, impersonating users to anyone else on the
158:
is a
Mexican software company with offices in Mexico and California, the United States, dedicated to developing mesh-networking technology for mobile apps. It was founded circa 2014 by Jorge Rios, Roberto Betancourt and Diego Garcia who conceived the idea while participating in a tech competition
212:
In response to the disclosures, developers acknowledged that "no part of the
Bridgefy app is encrypted now" and gave a vague promise to release a new version "encrypted with top security protocols". Later developers said they plan to switch to
381:
195:
in India, because it requires people who want to intercept the message to be physically close because of
Bluetooth's limited range, and the ability to daisy-chain devices to send messages further than Bluetooth's range.
184:
636:
373:
585:
786:
801:
523:
352:
796:
175:, in both their app and SDK, to keep information private, though security researchers have demonstrated that Bridgefy's usage of the Signal Protocol is insecure.
555:
771:
296:
467:
413:
791:
632:
440:
781:
192:
665:
38:
699:
577:
60:
188:
31:
611:
344:
321:
314:[Bridgefy, the Mexican startup that will let you call an Uber or receive a seismic alert without the Internet].
168:
164:
806:
253:
206:
547:
316:
687:
218:
766:
475:
403:
312:"Bridgefy, la startup mexicana que te dejará pedir un Uber o recibir una alerta sĂsmica sin internet"
236:
374:"Hong Kong Protestors Are Using An App That Doesn't Need Internet, And Bypass Chinese Snooping"
695:
244:
275:
248:
723:
657:
269:
214:
172:
229:
37:
It may require cleanup to comply with
Knowledge (XXG)'s content policies, particularly
500:
240:
760:
42:
776:
408:
607:
404:"Hong Kong protestors using mesh-networking messaging app to evade authorities"
311:
160:
633:"Hong Kong: Protesters using offline app Bridgefy to avoid being identified"
441:"Bridgefy, the messenger promoted for mass protests, is a privacy disaster"
257:
80:
222:
345:"Hong Kong protestors revive mesh networks to preempt internet shutdown"
524:"Bridgefy: An offline messaging app suddenly gaining traction in India"
686:
Albrecht, Martin R.; Eikenberg, Raphael; Paterson, Kenneth G. (2022).
548:"Hong Kong protesters using Bridgefy to stop China monitoring actions"
205:
network, completely shutting down the network, performing active
494:
492:
578:"Bridgefy Grows Amid Hong Kong Protests | Silicon UK Tech News"
228:
However, in 2022, the same security researchers, now including
15:
217:, which is widely recognized by cryptographers and used by
751:
658:"Bridgefly: No part of the Bridgefy app is encrypted now"
272:, which developers used to correct the security problems.
144:
278:, another communication app that can utilize Bluetooth
30:
A major contributor to this article appears to have a
468:"Press Release – Major Security Updates at Bridgefy!"
252:end of the audit, including user impersonation and
139:
131:
121:
113:
105:
97:
87:
260:on August 8 2023 announcing the audit results.
8:
109:Jorge Rios, Roberto Betancourt, Diego Garcia
73:
787:Information technology companies of Mexico
608:"Hong Kong protesters using Bluetooth app"
79:
72:
61:Learn how and when to remove this message
802:Technology companies established in 2016
310:Velázquez, Franck (November 22, 2018).
288:
209:to read messages and even modify them.
343:Silva, Matthew De (3 September 2019).
324:from the original on September 4, 2019
797:Mexican companies established in 2016
724:"Breaking Bridgefy again attack demo"
7:
462:
460:
434:
432:
430:
235:On July 31, 2023, the security firm
193:Citizenship Amendment Act protests
14:
41:. Please discuss further on the
20:
668:from the original on 2020-06-04
639:from the original on 2019-09-03
614:from the original on 2019-09-04
588:from the original on 2019-09-03
558:from the original on 2019-09-03
416:from the original on 2019-09-03
384:from the original on 2019-09-03
355:from the original on 2019-09-03
792:Companies based in Mexico City
606:Wakefield, Jane (2019-09-03).
402:Thompson, Clive (2019-09-03).
1:
167:technology, apparently using
772:2019–2020 Hong Kong protests
189:2019–2020 Hong Kong protests
522:Nandi, Tamal (2019-12-19).
823:
782:Android (operating system)
688:"Breaking Bridgefy, again"
576:Jowitt, Tom (2019-09-03).
501:"Breaking Bridgefy, again"
439:Goodin, Dan (2020-08-24).
183:The app gained popularity
207:man-in-the-middle attacks
185:as a communication tactic
165:smartphone ad hoc network
78:
552:News | The CEO Magazine
297:"Mexican-based startup"
256:bypass. Bridgefy also
258:published a blog post
39:neutral point of view
722:Eikenberg, Raphael.
499:Eikenberg, Raphael.
75:
378:The Times of India
153:
152:
71:
70:
63:
34:with its subject.
814:
752:Official website
739:
738:
736:
734:
719:
713:
712:
710:
708:
683:
677:
676:
674:
673:
654:
648:
647:
645:
644:
629:
623:
622:
620:
619:
603:
597:
596:
594:
593:
573:
567:
566:
564:
563:
544:
538:
537:
535:
534:
519:
513:
512:
510:
508:
496:
487:
486:
484:
483:
474:. Archived from
464:
455:
454:
452:
451:
436:
425:
424:
422:
421:
399:
393:
392:
390:
389:
370:
364:
363:
361:
360:
340:
334:
333:
331:
329:
307:
301:
300:
293:
249:penetration test
149:
146:
83:
76:
66:
59:
55:
52:
46:
32:close connection
24:
23:
16:
822:
821:
817:
816:
815:
813:
812:
811:
807:Mesh networking
757:
756:
748:
743:
742:
732:
730:
721:
720:
716:
706:
704:
702:
692:USENIX Security
685:
684:
680:
671:
669:
656:
655:
651:
642:
640:
631:
630:
626:
617:
615:
605:
604:
600:
591:
589:
575:
574:
570:
561:
559:
546:
545:
541:
532:
530:
521:
520:
516:
506:
504:
498:
497:
490:
481:
479:
466:
465:
458:
449:
447:
438:
437:
428:
419:
417:
401:
400:
396:
387:
385:
372:
371:
367:
358:
356:
342:
341:
337:
327:
325:
309:
308:
304:
295:
294:
290:
285:
270:Signal protocol
266:
247:of a white box
215:Signal Protocol
202:
181:
173:Signal protocol
143:
124:
92:
67:
56:
50:
47:
36:
25:
21:
12:
11:
5:
820:
818:
810:
809:
804:
799:
794:
789:
784:
779:
774:
769:
759:
758:
755:
754:
747:
746:External links
744:
741:
740:
714:
700:
678:
649:
624:
598:
568:
554:. 2019-09-03.
539:
514:
488:
456:
426:
394:
380:. 2019-09-03.
365:
335:
320:(in Spanish).
302:
287:
286:
284:
281:
280:
279:
273:
265:
262:
245:pentest report
230:Kenny Paterson
201:
198:
180:
177:
169:Bluetooth Mesh
151:
150:
141:
137:
136:
133:
129:
128:
125:
122:
119:
118:
115:
111:
110:
107:
103:
102:
99:
95:
94:
89:
85:
84:
69:
68:
28:
26:
19:
13:
10:
9:
6:
4:
3:
2:
819:
808:
805:
803:
800:
798:
795:
793:
790:
788:
785:
783:
780:
778:
775:
773:
770:
768:
765:
764:
762:
753:
750:
749:
745:
729:
725:
718:
715:
703:
701:9781939133311
697:
693:
689:
682:
679:
667:
663:
659:
653:
650:
638:
634:
628:
625:
613:
609:
602:
599:
587:
583:
579:
572:
569:
557:
553:
549:
543:
540:
529:
525:
518:
515:
502:
495:
493:
489:
478:on 2021-12-14
477:
473:
469:
463:
461:
457:
446:
442:
435:
433:
431:
427:
415:
411:
410:
405:
398:
395:
383:
379:
375:
369:
366:
354:
350:
346:
339:
336:
323:
319:
318:
313:
306:
303:
298:
292:
289:
282:
277:
274:
271:
268:
267:
263:
261:
259:
255:
250:
246:
242:
238:
233:
231:
226:
224:
220:
216:
210:
208:
199:
197:
194:
190:
186:
178:
176:
174:
170:
166:
163:. Bridgefy's
162:
157:
148:
142:
138:
134:
130:
126:
120:
116:
112:
108:
104:
100:
96:
90:
86:
82:
77:
65:
62:
54:
44:
40:
35:
33:
27:
18:
17:
767:Social media
731:. Retrieved
727:
717:
705:. Retrieved
691:
681:
670:. Retrieved
661:
652:
641:. Retrieved
635:. Sky News.
627:
616:. Retrieved
601:
590:. Retrieved
581:
571:
560:. Retrieved
551:
542:
531:. Retrieved
528:livemint.com
527:
517:
505:. Retrieved
480:. Retrieved
476:the original
471:
448:. Retrieved
445:Ars Technica
444:
418:. Retrieved
407:
397:
386:. Retrieved
377:
368:
357:. Retrieved
348:
338:
328:September 4,
326:. Retrieved
317:Entrepreneur
315:
305:
291:
234:
227:
211:
203:
182:
155:
154:
135:Bridgefy App
114:Headquarters
57:
48:
29:
409:Boing Boing
239:released a
187:during the
123:Area served
761:Categories
672:2020-08-26
643:2019-09-03
618:2019-09-03
592:2019-09-03
582:Silicon UK
562:2019-09-03
533:2019-12-22
482:2021-04-27
450:2020-08-26
420:2019-09-03
388:2019-09-03
359:2019-09-03
283:References
237:7asecurity
161:StartupBus
93:technology
51:March 2023
254:biometric
241:blog post
127:Worldwide
43:talk page
666:Archived
637:Archived
612:Archived
586:Archived
556:Archived
503:. GitHub
472:Bridgefy
414:Archived
382:Archived
353:Archived
322:Archived
264:See also
223:WhatsApp
200:Security
156:Bridgefy
145:bridgefy
132:Products
91:software
88:Industry
74:Bridgefy
733:14 June
728:Twitter
707:14 June
662:Twitter
507:14 June
159:called
140:Website
106:Founder
98:Founded
698:
694:(22).
349:Quartz
219:Signal
117:Mexico
276:Briar
179:Usage
735:2022
709:2022
696:ISBN
509:2022
330:2019
243:and
221:and
191:and
101:2014
777:IOS
147:.me
763::
726:.
690:.
664:.
660:.
610:.
584:.
580:.
550:.
526:.
491:^
470:.
459:^
443:.
429:^
412:.
406:.
376:.
351:.
347:.
737:.
711:.
675:.
646:.
621:.
595:.
565:.
536:.
511:.
485:.
453:.
423:.
391:.
362:.
332:.
299:.
64:)
58:(
53:)
49:(
45:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
