CVE-2022-39248: 
Java vulnerability analysis and mitigation

CVE-2022-39248 affects matrix-android-sdk2, the Matrix SDK for Android, prior to version 1.5.1. The vulnerability allows an attacker cooperating with a malicious homeserver to construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. This protocol confusion vulnerability was discovered by researchers from Royal Holloway University London, University of Sheffield, and Brave Software, and was disclosed on September 28, 2022 (Matrix Blog, NVD).

The vulnerability stems from a protocol confusion bug where the SDK accepts to-device messages encrypted with Megolm instead of Olm, attributing them to the Megolm sender rather than the actual sender. Additionally, matrix-android-sdk2 would sign such a key backup with its device key, spreading trust to other devices trusting the matrix-android-sdk2 device. The issue was fixed in version 1.5.1 by modifying the SDK to only accept Olm-encrypted to-device messages and stopping the signing of backups on successful decryption (GitHub Advisory).

An attacker could perform a targeted attack to send fake to-device messages appearing to originate from another user. This could be exploited to inject the key backup secret during a self-verification, making a targeted device start using a malicious key backup spoofed by the homeserver. The vulnerability affects applications using matrix-android-sdk2, including Element, Beeper, Cinny, SchildiChat, Circuli, and Synod.im (Matrix Blog).

The vulnerability was patched in matrix-android-sdk2 version 1.5.1. The fix includes only accepting Olm-encrypted to-device messages and stopping the signing of backups on successful decryption. Additional security measures were implemented, including discarding cleartext messages and secrets received from untrusted devices. For users who cannot immediately update, the main workaround is to avoid verifying new logins using emoji/QR verification methods until patched (GitHub Advisory).

The Matrix.org Foundation acknowledged the severity of the vulnerability and thanked the security researchers for their deep dive investigation. They emphasized that this was an implementation issue rather than a protocol flaw, noting that independently implemented clients using the Matrix spec were not affected. The foundation also announced plans for additional security measures, including ongoing public independent audits and future protocol changes (Matrix Blog).