LINE Messaging Bugs Open Asian Users to Cyber Espionage

Summary

Researchers Thomas Mogensen and Diego De Freitas Aranha from Aarhus University analysed LINE’s custom end-to-end encryption (Letter Sealing v2) and found multiple critical weaknesses. Their work — to be presented at Black Hat Europe — shows the protocol’s design permits message replay attacks, plaintext leakage via stickers and URL previews, and impersonation inside chats. The team also demonstrated man-in-the-middle (MiTM) attacks on iOS devices to validate the flaws against the authentic LINE app.

LINE is a “super app” across parts of East Asia, used for messaging, banking and government services, which magnifies the potential impact of these vulnerabilities. The researchers disclosed the issues to LINE; the company acknowledged them but appears to have no substantial protocol redesign planned, offering only some user-side workarounds and setting changes.

Key Points

  • The stateless protocol design allows servers to replay previously sent ciphertexts at any future time, changing message context and potentially misleading recipients.
  • LINE’s sticker recommendation and URL preview features leak plaintext to servers — typed words and full URLs (which may contain tokens, meeting IDs or credentials) can be exposed.
  • Impersonation attacks are possible: when a malicious server is involved, any participant in a chat can forge messages that appear to come from other users.
  • Researchers successfully performed MiTM attacks on iOS to confirm practical exploitability against the official LINE client.
  • Exploitation requires users to connect to a malicious LINE server — achievable via social engineering or coercion of providers — and users have little way to detect such tampering.
  • LINE acknowledged the findings but offered only limited mitigation plans; the vulnerabilities stem from inherent protocol design choices rather than simple implementation bugs.

Why should I read this?

Look — if you or your organisation uses LINE (especially in Japan, Taiwan, Thailand or Indonesia), this isn’t just academic. The app is woven into everyday life there, so these flaws could turn ordinary chats into espionage channels. We’ve saved you time by pulling out the real risks: replay, plaintext leaks and impersonation, plus the awkward bit — LINE doesn’t have a clear fix lined up.

Context and relevance

The findings matter for privacy, corporate security and civic safety. Because LINE functions as a super app, compromises could expose banking interactions, government communications and business secrets. Threat actors range from financially motivated criminals and insider saboteurs to state-sponsored actors who could coerce infrastructure providers.

For security teams and privacy-conscious users the practical takeaways are: avoid using LINE for high-sensitivity communications where possible; apply any recommended app setting changes from LINE to reduce exposure; monitor vendor advisories; and consider alternatives based on well-reviewed, standardised protocols. The research also underscores a broader lesson: custom cryptographic protocols often reintroduce known pitfalls — stick to vetted standards where security matters.

Source

Source: https://www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage