Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Enlarge (credit: matrix.org)
Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical end-to-end encryption vulnerabilities that subvert the confidentiality and authentication guarantees that have been key to the platform's meteoric rise.
Matrix is a sprawling ecosystem of open source and proprietary chat and collaboration clients and servers that are fully interoperable. The best-known app in this family is Element, a chat client for Windows, macOS, iOS, and Android, but there's a dizzying array of other members as well.
Matrix roughly aims to do for real-time communication what the SMTP standard does for email, which is to provide a federated protocol allowing user clients connected to different servers to exchange messages with each other. Unlike SMTP, however, Matrix offers robust end-to-end encryption, or E2EE, designed to ensure that messages can't be spoofed and that only the senders and receivers of messages can read the contents.