Prior to version 0.5, the Matrix client-server protocol did not support encrypted key material. This means that when a user receives a signed room key from their homeserver, they could decrypt it with any device. This is no longer an issue.

Prior to version 0.4, the Matrix client-server protocol did not support encryption of room keys. This means that when a user receives a signed room key from their homeserver, they could not decrypt it with any device. This is now also no longer an issue.

Prior to version 0.3, the Matrix client-server protocol did not support client authentication. This means that when a user receives a signed room key from their homeserver, they could have received it from anyone. This is no longer an issue.

Prior to version 0.2, the Matrix client-server protocol did not support server authentication. This means that when a user receives a signed room key from their homeserver, they could have received it from anyone. This is now also no longer an issue.

Prior to version 0.1, the Matrix client-server protocol did not support encryption of room keys. This means that when a user receives a signed room key from their homeserver, they could have received it from anyone. This is now also no longer an issue.

What does this mean for me?

If you were using any version of the Matrix client-server protocol before 0.5, it is likely that a malicious user could decrypt your signed room key.

If you were using any version of the Matrix client-server protocol before 0.4, it is likely that a malicious user could not decrypt your signed room key.

If you were using any version of the Matrix client-server protocol before 0.3, it is likely that a malicious user could have received your signed room key from anyone else. This is no longer an issue.

If you were using any version of the Matrix client-server protocol before 0.2, it is likely that a malicious user could have received your signed room key from anyone else. This is now also no longer an issue.

How to recover from a compromised homeserver and not lose your data

You can recover from a compromised homeserver by adding the proper authentication headers to your room key. This is done by taking the JSON Web Token (JWT) that was signed on the homeserver and parsing it with jsonwebtoken-ruby.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol that provides privacy and data integrity over computer networks. TLS is the successor to SSL and is used to secure traffic for HTTP, IMAPS, SMTPS, POP3S, XMPP and other protocols. TLS provides a number of services: it can be used as an authentication mechanism for clients to verify their identity to servers by signing their credentials with a certificate; it can provide confidentiality through encryption between two communicating peers; it can provide data integrity through signed MACs provided by the server; and it can prevent middle-box attacks through message authentication codes (MACs).

How does this help?

This vulnerability affects the security of Matrix. With this vulnerability patched, users no longer have to worry about third-party clients being able to decrypt their room keys.

What is Matrix?

Matrix is a peer-to-peer communication and social networking service, available as an API or client. It is a decentralized open-source project that uses the Matrix protocol to create a distributed real-time chat system.
Matrix aims for low latency and high throughput, supporting thousands of simultaneous users with short message latencies. It does not store any user data on its servers and only stores metadata about users' public keys (i.e. their identities).
Matrix is an open network where anyone can contribute to the software and run their own server, providing the service to others without charge. The software is released under the permissive MIT license, which means it can be modified and redistributed freely.

Timeline

Published on: 09/29/2022 15:15:00 UTC
Last modified on: 10/03/2022 19:30:00 UTC
