A popular new messaging app suffered critical security failures. Freedom Chat fixed flaws that exposed user phone numbers and PINs. Security researcher Eric Daigle discovered the vulnerabilities last week.
The app launched in June promising strong user privacy. According to TechCrunch, Daigle found the app’s servers allowed phone number guessing. This let anyone check if a specific number was registered on the service.
Phone Number Guessing Attack Mirrored WhatsApp Scraping
Daigle’s technique involved flooding servers with number guesses. He could verify nearly 2,000 registered user numbers. This method is identical to a recent WhatsApp data scraping incident.
University of Vienna researchers described this flaw last month. They matched billions of numbers against WhatsApp’s servers. Freedom Chat’s system had a similar weakness, Daigle confirmed.
App PIN Codes Were Broadcast to Other Users
A second flaw exposed user-set app lock PINs. Daigle used a network inspection tool to find this. The app sent PIN codes of all users in a public channel to each member.
This happened in the app’s default public channel. Knowledge of a PIN could let someone access the app on a stolen device. Founder Tanner Haas confirmed the flaws to TechCrunch.
The company has now reset all user PINs. Haas said the app released a new version to fix the issues. Server rate-limiting was increased to prevent mass guessing attempts.
The company published an app store update about the reset. It stated no private messages were ever at risk. Freedom Chat does not support linked devices, limiting potential damage.
The discovery of these Freedom Chat security flaws highlights ongoing privacy challenges in new messaging apps. Users must remain cautious even with services promising enhanced security.
Thought you’d like to know-
Q1: Could anyone access my private messages through these flaws?
No. According to the findings, private message content was not exposed. The flaws involved phone number discovery and PIN code exposure, not message decryption or access.
Q2: How many users were affected by these issues?
The security researcher estimated nearly 2,000 registered users’ phone numbers could be guessed. All users in the default public channel had their PIN codes exposed to others in that channel.
Q3: Is Freedom Chat safe to use now?
The founder states the issues are fixed. The company reset all PINs and updated the app. However, experts often recommend caution with new apps that have early security lapses.
Q4: What should affected users do?
Users should update to the latest app version immediately. They must also set a new, strong app-lock PIN. Remaining vigilant for unusual activity is also advised.
Q5: Who is the founder of Freedom Chat?
Tanner Haas is the founder. Freedom Chat is his second messaging app. His first app, Converso, was delisted after similar security flaws were discovered.
iNews covers the latest and most impactful stories across
entertainment,
business,
sports,
politics, and
technology,
from AI breakthroughs to major global developments. Stay updated with the trends shaping our world. For news tips, editorial feedback, or professional inquiries, please email us at
[email protected].
Get the latest news and Breaking News first by following us on
Google News,
Twitter,
Facebook,
Telegram
, and subscribe to our
YouTube channel.
