About Briar
Briar is an open source messaging application designed for activists, journalists, and anyone else who needs a secure, easy, and robust way to communicate and share content without an internet connection. Users connect over WiFi or Bluetooth to send messages or post to a private environment shared with other members in range.
If an internet connection is available, Briar can sync via the Tor Network so users can share securely with more distant members of their private groups. The system allows the creation of private blogs or public forums that can be shared by members with new users.
In addition to creating an encrypted network that works even during an internet outage, Briar relies on direct sharing among members—not a central server—so there is “no single point where a post can be deleted.”
Audit Description
Through OTF’s Security Lab, Radically Open Security performed a security audit of Briar during September and October 2023 using a “crystal-box” (or “white box”) assessment. In this form of testing, auditors have complete knowledge of the item being tested, including access to source code.
Scope
The security assessment included penetration testing of the Briar Android and desktop client apps and a review of Briar’s Android protocols and cryptography. After the initial review, the Briar team worked to address the issues identified and Radically Open Security performed a retest during February and March of 2024.
Findings
Radically Open Security found six security issues, one in the “Moderate Risk” category and five in the “Low Risk” category. No issues were found in the auditor’s higher-risk categories of “Extreme,” “High,” and “Elevated.”
In the “Moderate Risk” category, the audit showed that Briar’s Android app could allow “overlay attacks,” in which another app draws over the application’s interface (sometimes invisibly) to trick users into approving malicious activity. The audit notes that such attacks can be prevented on Android 12 and higher (issue OTF-001 in the audit report).
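The Android 12 mitigation the report refers to, shown as an added example that is not Briar’s own code: on API 31 and later the activity asks the system to hide other apps’ overlay windows, and on older versions a sensitive view discards touches that arrive while it is covered. The class name is hypothetical, and it assumes the `android.permission.HIDE_OVERLAY_WINDOWS` permission is declared in the manifest.

```java
import android.os.Build;
import android.os.Bundle;
import android.view.MotionEvent;
import android.view.View;
import androidx.appcompat.app.AppCompatActivity;

// Hypothetical base activity (added example, not from Briar).
public class OverlayHardenedActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Android 12 (API 31) and later: hide other apps' overlay windows while this
        // activity's window is visible. Needs HIDE_OVERLAY_WINDOWS in the manifest.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            getWindow().setHideOverlayWindows(true);
        }
    }

    /**
     * Partial mitigation available on older versions: drop touch events that the
     * system flags as delivered while another window was covering this view
     * (fully on all versions, partially on API 29 and later).
     */
    protected void protectSensitiveView(View view) {
        // Platform filter: discard touches when the window is fully obscured.
        view.setFilterTouchesWhenObscured(true);
        // Also discard touches when the window is only partially obscured (API 29+).
        view.setOnTouchListener((v, event) -> {
            int flags = event.getFlags();
            boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
                obscured |= (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
            }
            // Returning true consumes the event, so an obscured tap never reaches
            // the view's click handler.
            return obscured;
        });
    }
}
```

Apply `protectSensitiveView` to the buttons that confirm security-relevant actions, for example contact verification or key exchange.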
“Low-Risk” issues:
1. A weakness in how the application package is shared over WiFi, due to the use of relatively short pre-shared keys (PSKs). An attacker physically close to the target while this feature is in use could brute-force the key and inject malware into the package as the target downloads it for the first time (issue OTF-002 in the audit report).
2. A reliance on the Transmission Control Protocol (TCP) when connecting to the Tor Network, which could leave Briar open to some attacks because Android does not “sandbox” TCP sockets. A sandbox is an isolated environment that restricts a program’s interaction with the operating system, used when the program is untested or may contain malicious code (issue OTF-003 in the audit report).
3. A vulnerability to stack overflow attacks (in which memory is written beyond its allocated capacity) that could make memory corruption issues easier to exploit (issue OTF-004 in the audit report).
4. Missing functionality that would allow users who join remotely to become fully verified later, effectively leaving them “stuck” at a lower level of trust because their Briar contact was not established in person or via the QR code feature (issue OTF-005 in the audit report).
5. Parts of the protocol provide deniability (contacts can plausibly deny having had a basic message exchange even if the adversary saves the transcript), while others, such as Briar’s forums, blogs, and group chats, do not. This distinction is missing from the user documentation (issue OTF-006 in the audit report).
Remediation
After the audit concluded in October 2023, the Briar team worked to address the issues reported. Radically Open Security retested the tool during February and March 2024 and found that four of the six issues had been resolved. Briar plans to fix issues OTF-003 and OTF-005 in the future.