1) Ephemeral Key Compromise Impersonation
2) Vouch Box Forgery
3) Message Reordering and Deletion
4) Replay and Reflection Attacks
5) Kompromat Attack
6) Cloning via Threema ID Export
7) Compression Side-Channel
We disclosed our findings to the Threema development team on the 3rd of October 2022, including possible mitigations for the attacks. Soon after, we met with Threema representatives to discuss our work and its public disclosure. On that occasion, we agreed on an initial batch of mitigations to be released in Q4 of 2022, followed by the public disclosure and final mitigations to be released in Q1 of 2023. In December 2022, we agreed on the 9th of January 2023 as the date of public disclosure.
On the 29th of November 2022, Threema released a new protocol, Ibex, in order to further mitigate our attacks. The Ibex protocol aims to provide forward security for the E2E layer in Threema. We have not audited this new protocol.