Disclosing E2EE vulnerability in multiple Matrix clients
Lastly, if you have previously verified the users / devices in a room, you would witness the safety shield on the room turn red during the attack, indicating the presence of an untrusted and potentially malicious device. Matrix supports the concept of "Key sharing", letting a Matrix client which lacks the keys to decrypt a message request those keys from that user's other devices or the original sender's device. Requesting keys from a user's other devices sidesteps these issues. In order to securely implement key sharing, clients must not reply to every key request they receive. The recommended strategy is to share the keys automatically only to verified devices of the same user. The implementation did not sufficiently verify the identity of the device requesting the keyshare, meaning that a compromised account can impersonate the device requesting the keys, creating this vulnerability. While we believe we have identified and contacted all affected E2EE client implementations: if your client implements key sharing requests, we strongly recommend you check that you cryptographically verify the identity of the device which originated the key sharing request.