Musk's XChat is not as secure as it claims
What's the story
X, the social media platform formerly known as Twitter, has started rolling out a new encrypted messaging feature called "XChat." The company claims that this service provides end-to-end encryption, which means only the sender and receiver can read the messages. However, cryptography experts have raised concerns over the security of this new feature.
Security concerns
XChat less secure than Signal, say experts
Experts have warned that the current encryption method used by X in its XChat feature is not as secure as Signal, a leading end-to-end encrypted chat service. The criticism mainly stems from how X handles the user's private key, a secret cryptographic key assigned to each user for decrypting messages. Unlike Signal, which stores this key on the user's device, X stores it on its own servers after encrypting it with a four-digit PIN.
Key storage issues
Concerns over private key storage
The way X stores private keys on its servers has raised concerns. Matthew Garrett, a security researcher, noted that if the company doesn't use hardware security modules (HSMs) to store these keys, it could potentially tamper with them or brute-force them due to their four-digit nature. HSMs are specialized servers designed to make accessing data inside them difficult for the owning company.
Insider risks
Vulnerability to adversary-in-the-middle attacks
Another major concern with XChat is its vulnerability to "adversary-in-the-middle" (AITM) attacks. These attacks could allow a malicious insider or even the company itself to compromise encrypted conversations. Garrett said that even if X has implemented this properly, users can't be sure they haven't been targeted by an AITM attack because the firm provides its public key whenever you communicate with them.
Transparency issues
Lack of perfect forward secrecy and open-source implementation
Unlike Signal, which openly documents its encryption technology, XChat's implementation is not open source. The company has promised to open source its implementation and describe the encryption technology in detail through a technical whitepaper later this year. Further, XChat also doesn't provide "perfect forward secrecy," a cryptographic mechanism that encrypts each new message with a different key. This means if an attacker's private key is compromised, they can only decrypt the last message, not all preceding ones.