In this thesis, we present an in-depth look into the design of Jitsi, and its use of cryptographic components in securing the system. Based on the analysis, we demonstrate two practical attacks that compromised server components can mount against the E2EE layer. We show how the bridge can break the integrity by injecting inauthentic media into E2EE conferences, whilst the signaling server can defeat the encryption entirely. On top of its susceptibility to said attacks, the feature does not apply to text-based communications, which is not made apparent to users and would be a reasonable expectation given its marketing. Further, we identify critical issues with the poll feature, which allow any meeting participant to arbitrarily manipulate voting results.
Our findings are backed by proof-of-concept experiments and verified to be exploitable in practice.
Jitsi’s effort to pioneer an open-source solution to E2EE video conferencing is a solid contribution towards making secure communicationtools more accessible. However, as we demonstrate in this thesis, the current iteration contains several design and implementation issues, and should therefore not be relied upon.