WeChat modified TLS encryption protocol exposes users to security risks
A recent investigation by the University of Toronto's Citizen Lab has uncovered potential security weaknesses in WeChat's custom encryption protocol.
WeChat messages and conversations are not encrypted end-to-end, meaning the app's servers can decrypt and read every message. However, users of the popular messaging app might be concerned to learn that there are vulnerabilities in the encryption protocol that could leave the service open to attack, according to a new study.
A recent investigation by the University of Toronto's Citizen Lab has uncovered potential security weaknesses in WeChat's custom encryption protocol. These weaknesses arise because the developers of WeChat, which boasts over a billion monthly active users, have modified the Transport Layer Security (TLS) 1.3 protocol, creating a version called MMTLS.
WeChat uses a two-layer encryption system. First, the inner layer, known as "Business-layer encryption," encrypts the plaintext content. This encrypted content is then further encrypted with MMTLS before being transmitted.
Article