The messaging app Freedom Chat recently addressed security vulnerabilities that exposed users’ phone numbers and PINs, potentially compromising user privacy and security. Launched in June as a secure messaging platform, Freedom Chat faced issues where a security researcher, Eric Daigle, discovered flaws that could allow unauthorized access to sensitive user information.
Daigle found that these vulnerabilities enabled the exposure of user-set PIN codes and allowed for the enumeration of phone numbers associated with nearly 2,000 users. This discovery echoed a similar technique used in recent academic research on WhatsApp accounts, emphasizing the critical need for robust security measures in messaging apps.
Upon notification by TechCrunch, Freedom Chat founder Tanner Haas took prompt action by resetting user PINs, releasing a new app version, and enhancing server defenses to prevent mass-guess attacks. Haas also acknowledged the inadvertent visibility of users’ phone numbers and committed to ensuring better data protection moving forward.
While the security flaws have been addressed, this incident underscores the ongoing challenge of safeguarding user data in messaging apps. It serves as a reminder for app developers to prioritize security assessments and implement proactive measures to prevent unauthorized access to sensitive information.
Source: TechCrunch
Leave a Reply