Author Topic: Encrypted Messaging App Confide Was Full of Security Bugs Exposing User Data  (Read 30 times)

0 Members and 1 Guest are viewing this topic.

Offline Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Posts: 23301
    • Smokey's Security Forums
  • .: Surf Queen
Encrypted Messaging App Confide Was Full of Security Bugs Exposing User Data
10 March 2017, 1:39 am

Secure messaging app Confide is, apparently, not as secure as it claims to be, with several security holes making it easy to hack. 

According to a blog post by security company IOActive, several vulnerabilities were found in Confide, despite its "military-grade" end-to-end encryption. 

It seems that IOActive managed to get access to records for 7,000 Confide users by exploiting vulnerabilities they discovered in the app's account management system. They explain that part of the problem came from Confide's very API, which could be used to reveal data on users, including their phone numbers and email addresses. 

Researchers further discovered the app allowed user to choose basic passwords. When brute-force attacks were used against a user's account, the app could not block the attacker. 

IOActive also adds that data sent from ... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks