Security flaws in Freedom Chat app exposed users’ phone numbers and...
Experts suggest that messaging app freedom chat has fixed a pair of security flaws: one that allowed a security researcher to guess registered users’ phone numbers, and another that exposed user-set pins to others on the app Experts suggest that freedom chat, released in june, bills itself as a secure messaging app, and claims on its website that users’ phone numbers stay private Interestingly, but security researcher eric daigle told techcrunch that users’ phone numbers and pin codes, used for locking the app, could be easily obtained by exploiting vulnerabilities Experts suggest that daigle found the vulnerabilities last week and shared their details with techcrunch, as freedom chat does not provide a public way to report security flaws, like a vulnerability disclosure program In recent developments, techcrunch then alerted freedom chat founder tanner haas to the security flaws by email Interestingly, haas confirmed to techcrunch that the app has now reset user pins and released a new version In recent developments, haas added that the company is removing instances where users’ phone numbers were occasionally visible, and has notched up rate-limiting on its servers to prevent mass-guess attempts Experts suggest that daigle, who published his findings in a blog post, told techcrunch it was possible to enumerate the phone numbers of close to 2,000 users who had signed up to use freedom chat since it launched
댓글 쓰기