Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being DeletedĪ serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted.
FLAWS DELETED ZOOM KEYBASE APP CHAT FREE
It is completely free to use and another interesting fact is, this app does not show any sorts of. Zoom CEO Eric Yuan put in a place a 90-day plan, on April 1, to address the company's. to reduce risks and vulnerabilities to a reasonable and appropriate level. The flaw in the encrypted messaging application ( CVE-2021-23827) does not expose Keybase users to remote compromise. Some of the interesting facts about Keybase:- The flaw was reported to Zoom and fixed in Keybase 5.6.0 for Windows and Keybase 5.6.1 for macOS and Linux. And because HIPAA does apply to many healthcare apps, healthcare providers. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. The flaw was discovered by researchers from the group Sakura Samurai as part of a bug bounty program offered by Zoom, which acquired Keybase in May, 2020.
FLAWS DELETED ZOOM KEYBASE APP CHAT SOFTWARE
Zoom said it has fixed the flaw in the latest versions of its software for Windows, macOS and Linux.Īccording to researcher John Jackson of Sakura Samurai, the Keybase flaw manifested itself in two ways. Lauren Barack Video conferencing company Zoom has bought Keybase, an encryption firm, for an undisclosed price, looking to weave the technology into its video conferencing platform. First: Jackson discovered that images that were copy and pasted into Keybase chats were not reliably deleted from a temporary folder, /uploadtemps, associated with the client application. “In general, when you would copy and paste in a Keybase chat, the folder would appear in (the uploadtemps) folder and then immediately get deleted,” Jackson told Security Ledger in a phone interview.
Clearly there was some kind of software error – a collision of sorts – where the images were not getting cleared.”ĭiscovering that flaw put Sakura Samurai researchers on the hunt for more and they soon struck pay dirt again. Sakura Samurai members Aubrey Cottle ( Robert Willis ( Jackson Henry ( discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, Jackson said.
0 kommentar(er)
