Nothing’s iMessage app was a safety disaster, taken down in 24 hours

The Nothing Phone 2 all lit up.

Enlarge / The Nothing Cellphone 2 all lit up. (credit score: Ron Amadeo)

It seems firms that stonewall the media’s safety questions truly aren’t good at safety. Final Tuesday, Nothing Chats—a chat app from Android producer “Nothing” and upstart app firm Sunbird—overtly claimed to have the ability to hack into Apple’s iMessage protocol and provides Android customers blue bubbles. We instantly flagged Sunbird as an organization that had been making empty guarantees for nearly a 12 months and appeared negligent about safety. The app launched Friday anyway and was instantly ripped to shreds by the Web for a lot of safety points. It did not final 24 hours earlier than Nothing pulled the app from the Play Retailer Saturday morning. The Sunbird app, which Nothing Chat is only a reskin of, has additionally been put “on pause.”

The preliminary gross sales pitch for this app—that it might log you into iMessage on Android for those who handed over your Apple username and password—was an enormous safety purple flag that meant Sunbird would wish an ultra-secure infrastructure to keep away from catastrophe. As a substitute, the app turned out to be about as unsecure as you would presumably be. Here is Nothing’s assertion:

Nothing Chat's shut down post.

Nothing Chat’s shut down put up. (credit score: Twitter)

How dangerous are the safety points? Each 9to5Google and Textual (which is owned by Automattic, the corporate behind WordPress) uncovered shockingly dangerous safety practices. Not solely was the app not end-to-end encrypted, as claimed quite a few instances by Nothing and Sunbird, however Sunbird truly logged and saved messages in plain textual content on each the error reporting software program Sentry and in a Firebase retailer. Authentication tokens have been despatched over unencrypted HTTP so this token might be intercepted and used to learn your messages.

Learn 7 remaining paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *