Image Credits: Getty Images
5:35 AM PST · December 11, 2025
Messaging app Freedom Chat has fixed a pair of security flaws: one that allowed a security researcher to guess registered users’ phone numbers, and another that exposed user-set PINs to others on the app.
Freedom Chat, released in June, bills itself as a secure messaging app, and claims on its website that users’ phone numbers stay private.
But security researcher Eric Daigle told TechCrunch that users’ phone numbers and PIN codes, used for locking the app, could be easily obtained by exploiting vulnerabilities.
Daigle found the vulnerabilities last week and shared their details with TechCrunch, as Freedom Chat does not provide a public way to report security flaws, like a vulnerability disclosure program. TechCrunch then alerted Freedom Chat founder Tanner Haas to the security flaws by email.
Haas confirmed to TechCrunch that the app has now reset user PINs and released a new version. Haas added that the company is removing instances where users’ phone numbers were occasionally visible, and has notched up rate-limiting on its servers to prevent mass-guess attempts.
Daigle, who published his findings in a blog post, told TechCrunch it was possible to enumerate the phone numbers of close to 2,000 users who had signed up to use Freedom Chat since it launched. Daigle said Freedom Chat’s servers allowed anyone to flood it with millions of phone number guesses to determine if a user’s phone number was stored on the servers.
Per Daigle, this method is identical to one described by the University of Vienna in research last month, where academics scraped data on some 3.5 billion user accounts who signed up to WhatsApp by matching billions of phone numbers against WhatsApp’s servers.
Daigle also found Freedom Chat was leaking users’ PIN codes. Using an open-source network traffic inspection tool to analyze the data going in and out of the app, Daigle saw that the app would respond with the PIN codes of every other user in the same public channel — even if the PINs weren’t available to users within the app itself.
According to Daigle, anyone who was in the default Freedom Chat channel, which users are automatically subscribed to when they first sign up, had their PIN broadcast to everyone else in the channel. Daigle told TechCrunch that knowledge of a person’s PIN could allow someone to open the app from a user’s stolen device.
In an app store update published Sunday, Freedom Chat noted: “A critical reset: A recent backend update inadvertently exposed user PINs in a system response. No messages were ever at risk, and because Freedom Chat does not support linked devices, your conversations were never accessible; however, we’ve reset all user PINs to ensure your account stays secure. Your privacy remains our top priority.”
Freedom Chat is Haas’ second messaging app, after Converso, which was delisted from app stores following the disclosure of security flaws that exposed users’ private messages and content.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.














