Bridgefy is a messaging app that allows users to communicate within a radius of a few hundred feet using Bluetooth and mesh network routing. In the last few months, it’s been marketed as the most secure way to send messages to fellow protestors without needing an internet connection. The app is also rife with glaring security vulnerabilities that leave communications open to attackers, according to research published today out of Royal Holloway, University of London (h/t Ars Technica).
The promise of Bridgefy is instantly enticing: allow wireless communications between devices that aren’t able to connect to the internet using Wi-Fi or cellular data. The app and the complex tools behind it have been downloaded more than 1.7 million times, according to Jorge Ríos, the company’s CEO.
Bridgefy’s rise in popularity can be traced back to an increase in social justice protests around the world; the company has used social media to push the app as a perfect protest companion because it can be used even when cell networks are oversaturated or down completely. And that much, at least, appears to be true — but it comes at the extremely high cost of privacy.
Impersonation, for one — Bridgefy prides itself on just how easy it is to log in and send messages. Researchers found that, because of this operational model, it’s incredibly easy to pretend to be someone else on the app. With no authentication to speak of, any user can impersonate another using basic packet-sniffing methods.
And impersonation is only the beginning. They also found that using fairly easy techniques, an attacker could deanonymize messages, build graphs of users’ interactions, read direct messages, and even completely shut down the mesh network in use.
Not even difficult to hack — Much of the research published today speaks to Bridgefy’s less-than-satisfactory encryption methodologies. When it was first gaining popularity, Bridgefy marketed itself as a secure communication solution. Researchers found this to be entirely untrue.
“Our results show that Bridgefy permits its users to be tracked, offers no authenticity, no effective confidentiality protections and lacks resilience against adversarially crafted messages,” the research reads.
In their experiments, researchers found that, because Bridgefy does not actually use cryptographic authentication, it’s very easy to hack communications on the platform. You don’t need fancy equipment or extensive coding knowledge to break into this system — it’s that rudimentary.
Mixed messaging — When Bridgefy first began gaining popularity, the company’s description of its app — as well as marketing for it — called it a secure messaging solution. Researchers told Bridgefy about its shortcomings in late April. By June, the company was issuing announcements across its social media channels that no part of the app would be encrypted moving forward.
The company’s promised “new version” with updated security protocols has yet to be released. It’s now been much longer than a few weeks. And though Bridgefy no longer uses the word “encrypted” in its marketing, it does claim to be “safe.” The company’s CEO claims people download it to “stay protected.”
Most recently, Bridgefy said it’s working to rewrite its app using the Signal protocol, which should hopefully provide end-to-end encryption to the app and fix the security issues outlined in this research.
The lesson here is one we would all do well to abide by: do extensive research on any app that claims to be secure before using it for secure communications. That’s especially true of protest situations, where social media users have been prosecuted just for retweeting a photo.
Bridgefy’s premise is an exciting one. The company’s software development kit could allow for the creation of a perfect, internet-less communication system in the future — but right now it’s just not secure enough to do what the company wants it to do. In the meantime, apps with end-to-end encryption and local storage options like Signal and Anonymous Camera are much better suited to being used at protests.