Messaging app Freedom Chat has fixed a pair of security flaws: one that allowed a security researcher to guess registered users' phone numbers, and another that exposed user-set PINs to others on the app. Daigle found the vulnerabilities last week and shared their details with TechCrunch, as Freedom Chat does not provide a public way to report security flaws, like a vulnerability disclosure program. TechCrunch then alerted Freedom Chat founder Tanner Haas to the security flaws by email. Haas confirmed to TechCrunch that the app has now reset user PINs and released a new version. Haas added that the company is removing instances where users' phone numbers were occasionally visible, and has notched up rate-limiting on its servers to prevent mass-guess attempts. Daigle, who published his findings in a blog post, told TechCrunch it was possible to enumerate the phone numbers of close to 2,000 users who had signed up to use Freedom Chat since it launched. Daigle said Freedom Chat's...
learn more
