Basically, the way it works is that you can send media files to contacts who might not have the app installed. They receive a text message instead, and because they don’t have the app, they have to open a link provided in that message, which takes them to a Content Delivery Network (CDN) that stores the multimedia on behalf of the chat app.
The problem is that these URLs are generated sequentially, which means that anyone who sees one URL can guess what the others would be, even without having received the message in which the owner of that multimedia sent it out to people. As a result, malicious actors may be able to access this data very easily, with little effort.
What’s truly concerning is that the security researchers at Trustwave informed the chat app’s developer about this issue three months ago, but after receiving no response to any of their numerous emails they decided to go public so that users can be informed and can avoid using this app, or at the very least avoid sharing any kind of multimedia through it. This is a pretty chilling reminder of how careful you need to be with the various apps you use.
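The sequential link pattern described above, next to one hardened form (a random object key plus an HMAC-signed expiry), as an added example that is not from the article, Trustwave, or the app's developer. The CDN host, key handling and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed values for illustration; not the app's real CDN or key handling.
CDN_BASE = "https://cdn.example.invalid/media"
SIGNING_KEY = secrets.token_bytes(32)  # assumption: kept server-side only


def weak_link(upload_counter: int) -> str:
    """Pattern described in the article: each upload gets the next number."""
    return f"{CDN_BASE}/{upload_counter}"


def _sign(object_key: str, expires: int) -> str:
    msg = f"{object_key}.{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(ttl_seconds: int = 86400, now: Optional[int] = None) -> str:
    """Hardened form: 128-bit random object key plus a signed expiry."""
    now = int(time.time()) if now is None else now
    object_key = secrets.token_urlsafe(16)  # unrelated to any other upload
    expires = now + ttl_seconds
    return f"{CDN_BASE}/{object_key}?exp={expires}&sig={_sign(object_key, expires)}"


def verify_link(url: str, now: Optional[int] = None) -> bool:
    """Server-side check before serving: signature first, then expiry."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    object_key = parts.path.rsplit("/", 1)[-1]
    try:
        expires = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # sequential-style links carry no signature at all
    expected = _sign(object_key, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # key or expiry was altered after issuance
    return now < expires
```

With this scheme, seeing one valid link reveals nothing about any other upload, and a leaked link stops working once its expiry passes.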
