Confide, an app known to be preferred by White House staff and advertised as providing “military level end-to-end encryption”, has been revealed to be so vulnerable that an attacker could gain access and could also impersonate friendly contacts, alter messages in transit and spy on contact details, according to a cyber security firm.
According to a report from IOActive security researchers Mike Davis and Ryan O’Horo, an attacker could have taken full advantage of these flaws until Confide fixed most of the vulnerabilities, after IOActive had contacted the company with its research.
Confide, which offers disappearing messages, was reported to be used by White House staffers and prominent Republicans, Axios reported last month. The application makes it difficult to screenshot the full text, because you have to slide your finger over the text and a screenshot captures only a portion of the screen. By default, the app deletes messages after they are read. “We immediately delete them from our servers and wipe them from the device,” says Jon Brod, co-founder and the company’s president.
Sean Spicer, the White House press secretary, and White House director of strategic communications Hope Hicks had downloaded the app at some point, BuzzFeed News confirmed.
After these reports emerged, Confide’s download numbers rose. Investors like Google Ventures, SV Angel, and Billy Bush had raised more than $3 million to help create the app, which also syncs with iMessage for Apple users.
As reported by BuzzFeed, O’Horo and Davis have now laid out the details of the security concerns they found after using the app.
According to the report, an attacker could gain access to the app while it is in use, appear to be the account holder, and perform malicious acts such as altering the content of a message, breaking into someone’s Confide address book, decrypting texts in transit or guessing a user’s password.
The app is vulnerable because of technical flaws such as the absence of a valid SSL certificate, which ensures that the server the app communicates with is not an impostor. Without the SSL certificate being checked, sensitive data is liable to be intercepted by someone who is sharing a network with a Confide user.
The app also allows texts to be delivered unencrypted, and someone could guess a password by attempting it as many times as they want, the report further explains.
O’Horo and Davis found a Donald Trump associate and several Department of Homeland Security employees among those who had downloaded the app. These were discovered from 7,000 account records, created in two days, which gave them access to email addresses and real names, out of a database they estimated to contain between 800,000 and 1 million records.
However, in a statement to The Register, Confide said, “not only have these issues been addressed, but we also have no detection of them being exploited by any other party.”
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.