• 𝕸𝖔𝖘𝖘@infosec.pub
    10 days ago

    Theoretically, yes. But if it’s a legal entity that added it, they can easily circumvent any attempt to eradicate it. Or, in a more extreme way, criminalize FOSS chat apps altogether, then the code will have to be analyzed in a RE environment. Maybe the non-FOSS server code is where the backdoor is added. There are so many relatively hidden ways to compromise a chat app’s supply chain.

    • EngineerGaming@feddit.nl
      10 days ago

      I doubt any FOSS restriction is doable at all. As for the supply chain - xz showed this is indeed possible… But no one can guarantee that every encrypted client would be able to get such a well-hidden backdoor, and that it will stay undiscovered, and that it wouldn’t be invalidated with an update… But yeah, the only way this can be combatted is having more eyes on such software.