Elon Musk Challenges Experts to Break X Chat's Encryption
Musk's X Chat Encryption Faces Security Scrutiny

Elon Musk, the owner of X (formerly Twitter), has thrown down a gauntlet to the global cybersecurity community. He has publicly invited security engineers and researchers to attempt to break the encryption system of X's newly launched Chat feature. This bold challenge comes amidst a growing debate about the actual security robustness of the platform's implementation.

The Challenge and The Claim

Taking to his own social media platform, Musk addressed critics directly. He stated, "We welcome any attempts to break X encryption." This statement was a response to concerns raised by users and experts regarding the security architecture of X Chat's end-to-end encryption, which Musk had earlier touted as being "much more secure than email."

The feature, announced recently, is designed to offer WhatsApp-like secure messaging. The company described it as a "new end-to-end encrypted messaging feature (still in Beta)" that uses a system called the Juicebox Protocol. A key aspect of its design is simplified key recovery. Unlike other platforms that might use QR codes, X stores sharded key material across three secure storage realms, which include Hardware Security Modules (HSMs) and software databases. Crucially, this key material can be recovered using a 4-digit PIN that, according to X, never leaves the user's device.

Critics Point Out Potential Flaws

The invitation to break the encryption was prompted by pointed criticism from the community. An X user named Sooraj Sathyanarayanan detailed several technical concerns in a lengthy post, questioning Musk's security claims.

The primary criticism revolves around the fact that X stores private key backups on its own servers. While the platform has introduced safety numbers—a feature to verify contact identities—critics argue this does not protect users from X itself, a rogue insider, or a government with a legal warrant. In contrast, apps like Signal do not store keys on servers, leaving nothing to hand over.

Another major point of contention is the lack of "forward secrecy." According to X's own documentation, if a device's private key is compromised, an attacker could decrypt a user's entire message history. Modern standards, as used by Signal, employ a "Double Ratchet" algorithm that generates new keys for every message, limiting exposure to just one message if a key is breached.
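To make the forward-secrecy distinction concrete, the following Python sketch (added here; it is not X's, Signal's, or the article's code) contrasts a single long-lived device key with a symmetric-key ratchet, the KDF-chain component of the Double Ratchet, which derives a fresh message key per message and discards the previous chain key. The keystream construction is an illustrative stand-in for a real AEAD, and the conversation and key values are constructed for the demo.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, length: int) -> bytes:
    # Illustrative keystream only (a real protocol would use an AEAD such as AES-GCM).
    return hashlib.shake_256(key).digest(length)

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

# Model A: one long-lived device key protects every message (no forward secrecy).
def static_encrypt(device_key: bytes, counter: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(device_key + counter.to_bytes(4, "big"), len(plaintext)))

# Model B: symmetric-key ratchet, the KDF-chain half of the Double Ratchet.
def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    # The chain key only moves forward; HMAC cannot be inverted to recover the previous one.
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def ratchet_encrypt(chain_key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    chain_key, message_key = ratchet_step(chain_key)
    return chain_key, xor(plaintext, keystream(message_key, len(plaintext)))

def ratchet_decrypt_from(chain_key: bytes, ciphertexts: list[bytes]) -> list[bytes]:
    # Holding a captured chain key yields message keys from that point onward only;
    # applied to older ciphertexts the derived keys are wrong and the output is garbage.
    out = []
    for c in ciphertexts:
        chain_key, message_key = ratchet_step(chain_key)
        out.append(xor(c, keystream(message_key, len(c))))
    return out

def demo(messages: list[bytes]) -> dict:
    """Encrypt the same conversation both ways, then leak the device's current key state."""
    device_key = secrets.token_bytes(32)
    static_ct = [static_encrypt(device_key, i, m) for i, m in enumerate(messages)]
    chain_key, ratchet_ct = secrets.token_bytes(32), []
    for m in messages[:-1]:  # send all but the last message, advancing (and forgetting) the chain key
        chain_key, c = ratchet_encrypt(chain_key, m)
        ratchet_ct.append(c)
    leaked_chain_key = chain_key  # device state is compromised at this moment
    chain_key, c = ratchet_encrypt(chain_key, messages[-1])
    ratchet_ct.append(c)
    return {  # Model A decrypts by re-applying the same keystream (XOR is its own inverse)
        "static_history_readable": [static_encrypt(device_key, i, c) for i, c in enumerate(static_ct)] == messages,
        "ratchet_past_readable": ratchet_decrypt_from(leaked_chain_key, ratchet_ct[:-1]) == messages[:-1],
        "ratchet_future_readable": ratchet_decrypt_from(leaked_chain_key, ratchet_ct[-1:]) == messages[-1:],
    }
```

With the long-lived key leaked, the whole history opens; with the ratchet's current chain key leaked, only messages sent from that point on are readable, which is the exposure limit the paragraph above describes.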

Sathyanarayanan and others also highlighted the vulnerability of the 4-digit PIN protecting the Juicebox system. They argue that if rate-limiting is disabled—either by X or an attacker with server access—this PIN is trivial to brute-force. Furthermore, critics noted that X Chat's metadata (who you message, when, and how often) is not encrypted, which can be highly revealing.

A final point of comparison is that Signal's code has been open-source and audited for over a decade, whereas X has promised to open-source XChat and publish a whitepaper only by June 2025, a promise yet to be fulfilled.

The Bottom Line for Users

The core advice from security-conscious voices is one of caution. They are not advocating for users to abandon X, but they strongly warn against using X Encrypted Direct Messages for highly sensitive communication. "I'm saying don't use X Encrypted DMs for anything you wouldn't post publicly," Sathyanarayanan concluded, recommending Signal for actual private conversations due to its proven, scrutinized cryptography.

Elon Musk's open challenge has undoubtedly intensified the spotlight on X Chat's security model. Whether security researchers will successfully expose critical flaws or validate the system's strength remains to be seen, but the debate has clearly outlined the significant differences between X's approach and established industry standards for private messaging.