Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Messaging app Freedom Chat has fixed a pair of security flaws: one that allowed a security researcher to guess registered users’ phone numbers, and another that exposed user-assigned PINs to others on the app.
Freedom Chat, which was released in June, presents itself as a secure messaging app, and claims on its website that users’ phone numbers remain private.
But security researcher Eric Daigle told TechCrunch that users’ phone numbers and PIN codes used to lock the app could easily be obtained by exploiting security vulnerabilities.
Daigle discovered the vulnerabilities last week and shared their details with TechCrunch Freedom Chat does not provide a public way to report security flaws, like a vulnerability disclosure program. TechCrunch then alerted Freedom Chat founder Tanner Haas to the security flaws via email.
Haas confirmed to TechCrunch that the app has now reset user PINs and released a new version. Haas added that the company is removing instances where users’ phone numbers were sometimes visible, and has set a rate limit on its servers to prevent mass guessing attempts.
Diggle, who published his findings In a blog postHe told TechCrunch that it is possible to enumerate the phone numbers of nearly 2,000 users who have signed up to use Freedom Chat since its launch. Freedom Chat’s servers allow anyone to flood them with millions of phone number guesses to determine whether a user’s phone number is stored on the servers, Daigle said.
According to Daigle, this technology is identical to one Described by the University of Vienna In research last month, where Academics scraped Data on about 3.5 billion user accounts who have registered for WhatsApp by matching billions of phone numbers with WhatsApp servers.
Daigle also discovered that Freedom Chat was leaking users’ PIN codes. Using an open-source network traffic inspection tool to analyze data going into and out of the app, Daigle saw that the app would respond with PIN codes for every other user in the same public channel — even if the PINs were not visible to users within the app itself.
According to Daigle, anyone who was in the virtual Freedom Chat channel, which users automatically sign up for when they first sign up, had their PIN broadcast to everyone else in the channel. Daigle told TechCrunch that knowing someone’s PIN could allow someone to open the app from the user’s stolen device.
In an App Store update posted on Sunday, Freedom Chat noted the following: “A critical reset: A backend update inadvertently exposed user PINs in a system response. No messages were ever compromised, and because Freedom Chat does not support linked devices, your conversations were never accessible; however, we have reset all user PINs to ensure your account remains secure. Your privacy remains our top priority.”
Freedom Chat is Haas’s second messaging app, after Converso, to be removed from app stores following a revelation Security flaws Which revealed users’ private messages and content.