Is Wire Desktop susceptible to this Electron Vulnerability like Teams, Slack and Discord?
find-marc opened this issue · comments
At the Black Hat cybersecurity conference in Las Vegas on Thursday, the researchers presented their findings, detailing how they could have hacked people who use Discord, Microsoft Teams, and the chat app Element by exploiting the software underlying all of them: Electron, which is a framework built on the open source Chromium and the cross-platform javascript environment Node JS.
More info here:
https://www.blackhat.com/us-22/briefings/schedule/index.html#electrovolt-pwning-popular-desktop-apps-while-uncovering-new-attack-surface-on-electron-26322
https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps
Likely, yes. Since Wire on Desktop seems to use Electron as well. The problem you mentioned however is already fixed so shouldn't be an issue any longer. "The bugs were fixed before the researchers published their research. "
"One of the researchers who found these vulnerabilities said [...]" [...] he doesn’t run Electron apps, instead opting for using apps [..] inside his browser, which is more hardened against hackers."
“[..] I recommend using the website itself because then you have the protection which Chromium has, which is much larger than the Electron,” Purani said.
I don't think there is much Wire can do in this case since. There are some things you can do however if you are very concerened; like switching to using Wire in your browser, optimally with some additional sandboxing.
This appears to be deprecated so i am closing it.