Overview
Explore the first public security analysis of WeChat's proprietary MMTLS encryption protocol in this 39-minute conference talk from Black Hat. Discover how researchers from Citizen Lab examined the cryptographic implementation used by WeChat, the world's third-largest messaging platform with over 1.2 billion monthly active users. Learn about MMTLS as a modified version of TLS 1.3 and understand the security weaknesses introduced by WeChat's modifications to standard cryptography. Examine the discovery of a second encryption layer called "Business-layer encryption" and its serious security vulnerabilities, including metadata leaks, forgeable integrity signatures, potential AES-CBC padding oracle attacks, and key/IV reuse issues in block cipher mode. Understand how the outer MMTLS layer provides protection against direct exploitation of these inner vulnerabilities. Gain insights into the researchers' hypothesis that WeChat's double-layer encryption represents technical debt and explore the broader trend of Chinese applications implementing custom cryptographic solutions. Presented by cybersecurity researchers Pellaeon Lin, Mona Wang, and Jeffrey Knockel from Citizen Lab, this analysis provides critical insights into the security architecture of one of the world's most widely used messaging platforms.
Syllabus
Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol
Taught by
Black Hat