05-25-2022, 11:36 PM
Does Element/Matrix generate link previews on the server, thus bypassing end-to-end encryption in E2EE-enabled rooms?
Related links:
https://github.com/vector-im/element-android/issues/481
https://github.com/matrix-org/matrix-spec-proposals/issues/2120
https://docs.t2bot.io/matrix-media-repo/url-previews/index.html
https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html
https://matrix-org.github.io/synapse/latest/media_repository.html#url-previews
https://matrix-org.github.io/synapse/latest/development/url_previews.html
Can URL link previews lead the server or user to execute malware? These links imply yes:
https://www.bilibili.com/video/BV1ba411A7g6/ - Link Previews- How hackers can run any JavaScript code on Instagram
https://www.mysk.blog/2020/10/25/link-previews/
https://securityintelligence.com/articles/link-previews-security-and-privacy/
https://security.stackexchange.com/questions/239928/are-preview-thumbnails-for-links-a-risk
https://gigazine.net/gsc_news/en/20201027-messengers-leak-data-drain-battery/
Other links on link previews:
https://9to5mac.com/2020/10/26/researchers-demonstrate-how-link-previews-in-apps-can-expose-data-from-users/
https://threatpost.com/linkedin-instagram-preview-link-rce-security/160600/
https://www.macrumors.com/2020/10/26/link-previews-may-lead-to-security-vulnerabilities/
Malware in images:
https://blog.reversinglabs.com/blog/malware-in-images
https://security.stackexchange.com/questions/237715/if-malware-can-be-attached-to-an-image-file-then-why-arent-images-a-common-att