Security holes in Confide messaging app exposed user details
Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.
Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.
But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.
The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on user’s phone numbers and email addresses.