Bridgefy

Bridgefy is a Mexican software company with offices in Mexico [1] and California, USA, dedicated to developing mesh-networking technology for mobile apps. It was founded circa 2014 by Jorge Rios, after conceiving the idea while participating in a tech competition called StartupBus.[2] Bridgefy's smartphone ad hoc network technology, apparently using Bluetooth Mesh, is licensed to other apps.[3][4][5] The app gained popularity during protests in different countries since it can operate without Internet, using Bluetooth instead. However, all communications are insecure, since it does not use cryptography at all and anyone can trivially intercept, read, and modify any information sent via the app.[6]

Usage

The app gained popularity as a communication tactic during the 2019–20 Hong Kong protests and Citizenship Amendment Act protests in India,[7] because it requires people who want to intercept the message to be physically close because of Bluetooth's limited range, and the ability to daisy-chain devices to send messages further than Bluetooth's range.[8][9][10][11]

Security

In August 2020, researchers published a paper describing numerous attacks against the application, which allow de-anonymizing users, building social graphs of users’ interactions (both in real time and after the fact), decrypting and reading direct messages, impersonating users to anyone else on the network, completely shutting down the network, performing active man-in-the-middle attacks to read messages and even modify them.[6] In response to the disclosures, developers acknowledged that "no part of the Bridgefy app is encrypted now" and gave a vague promise to release a new version "encrypted with top security protocols".[12] Later developers said they plan to switch to Signal protocol, which is widely recognized by cryptographers and used by Signal and WhatsApp.[6] It's still unclear how Bridgefly intends to use the protocol, since it is not federated and does not solve the problem of initial public key exchange.

See also

  • Signal protocol, which developers intend to use to correct the security problems.
  • Briar, another communication app that can utilize Bluetooth

References

  1. "Mexican-based startup".
  2. Velázquez, Franck (November 22, 2018). "Bridgefy, la startup mexicana que te dejará pedir un Uber o recibir una alerta sísmica sin internet" [Bridgefy, the Mexican startup that will let you call an Uber or receive a seismic alert without the Internet]. Entrepreneur (in Spanish). Archived from the original on September 4, 2019. Retrieved September 4, 2019.
  3. Silva, Matthew De. "Hong Kong protestors revive mesh networks to preempt internet shutdown". Quartz. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  4. "Hong Kong Protestors Are Using An App That Doesn't Need Internet, And Bypass Chinese Snooping". The Times of India. 2019-09-03. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  5. Thompson, Clive (2019-09-03). "Hong Kong protestors using mesh-networking messaging app to evade authorities". Boing Boing. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  6. Goodin, Dan (2020-08-24). "Bridgefy, the messenger promoted for mass protests, is a privacy disaster". Ars Technica. Retrieved 2020-08-26.
  7. Nandi, Tamal (2019-12-19). "Bridgefy: An offline messaging app suddenly gaining traction in India". livemint.com. Retrieved 2019-12-22.
  8. "Hong Kong protesters using Bridgefy to stop China monitoring actions". News | The CEO Magazine. 2019-09-03. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  9. Jowitt, Tom (2019-09-03). "Bridgefy Grows Amid Hong Kong Protests | Silicon UK Tech News". Silicon UK. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  10. Wakefield, Jane (2019-09-03). "Hong Kong protesters using Bluetooth app". Archived from the original on 2019-09-04. Retrieved 2019-09-03.
  11. "Hong Kong: Protesters using offline app Bridgefy to avoid being identified". Sky News. Archived from the original on 2019-09-03. Retrieved 2019-09-03.
  12. "Bridgefly: No part of the Bridgefy app is encrypted now". Twitter. Retrieved 2020-08-26.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.