Critical Vulnerabilities Found in LINE Messaging App's End-to-End Encryption Protocol

Researchers from Aarhus University (Diego, Thomas, and Adam Hansen) presented a security analysis of Letter Sealing, the end-to-end encryption (E2EE) protocol used in the LINE messaging app, which serves nearly 1 billion users primarily in Japan, Thailand, Taiwan, and Indonesia. Their findings revealed critical vulnerabilities in LINE’s V2 protocol, including replay attacks (enabled by server-side counter manipulation via Thrift encoding), message reordering, impersonation in group chats (where a malicious user and server can forge messages), and metadata leakage through unencrypted stickers and URLs. The protocol fails to uphold core E2EE properties—confidentiality, integrity, authentication, and forward secrecy—due to stateless design, lack of key rotation, and reliance on server-side timestamps. The team demonstrated attacks using a man-in-the-middle setup on iOS, exploiting flaws like the server overwriting message counters and the absence of cryptographic binding for group membership. LINE acknowledged the replay and reordering issues as inherent design limitations but claimed server-side mitigations for impersonation, though these are ineffective against a malicious server. The researchers contrasted LINE’s protocol with Signal’s ratchet mechanism, which prevents such attacks through continuous key updates and per-sender keys. Disclosure to LINE occurred in June, with the company committing to protocol updates. The analysis underscores risks of deploying custom cryptography without rigorous peer review.