SimpleX network: security review of protocols design by Trail of Bits

There are 3 medium and 1 low severity findings, all of which require a high difficulty attack to exploit — the attacker would need to have privileged access to the system, may need to know complex technical details, or must discover other weaknesses to exploit them. Additionally, there are 3 informational findings.

8 Likes

Nice.

Trail of Bits reviewed both the algorithm & the implementation? The implementation is where the zero-days are.

Next: security audit in 2025

We are planning the implementation security assessment with Trail of Bits in the beginning of 2025. It will be an assessment twice as big as the one we did in 2022 — it will cover both the core of the app and the handling of cryptographic secrets in the mobile applications.

5 Likes

Good job @epoberezkin!

2 Likes

I'm a privacy newcomer. Can someone explain why this service can be trusted not to be some sort of government HoneyPot? I get that you have to place your trust somewhere, but why SimpleX?

trusted not to be some sort of government HoneyPot?

It is open source and you can self-host servers; it keeps getting security audits.

but why SimpleX?

You can check their website, https://simplex.chat/ and their roadmap.