![]() The flaws in Keybase do not affect the Zoom application, Jackson said. The implications of that are clear enough.įor example, recent reports say that North Korean state hackers have targeted security researchers via phishing attacks sent via Keybase, Signal and other encrypted applications. In countries with oppressive, authoritarian governments, end to end encrypted messaging apps are a lifeline for political dissidents and human rights advocates.Īs a result of the flaw, however, adversaries who gained access to the laptop or desktop on which the Keybase application was installed could view any images contained in Keybase encrypted chats. Those users were responding to onerous data sharing policies, such as those recently introduced on Facebook’s WhatsApp chat. The flaw takes on even more weight given the recent flight of millions of Internet users to end-to-end encrypted messaging applications like Keybase, Signal and Telegram. ![]() Messaging app flaws take on new importance A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues.” “An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote. #FLAWS IN ZOOM KEYBASE APP CHAT SOFTWARE# In most cases, the failure to remove files from cache after they were deleted would count as a “low priority” security flaw. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,” the spokesman said. “We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. ![]() In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security “very seriously.” The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, Jackson said. Sakura Samurai members Aubrey Cottle ( Robert Willis ( Jackson Henry ( discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. Clearly there was some kind of software error – a collision of sorts – where the images were not getting cleared.”ĭiscovering that flaw put Sakura Samurai researchers on the hunt for more and they soon struck pay dirt again.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |