“Super secure” MAGA-themed messaging app leaks everyone's phone number
4 days ago
- #privacy
- #vulnerability
- #security

- Freedom Chat, a MAGA-themed messaging app, leaked users' phone numbers and PINs due to security vulnerabilities.
- The app initially claimed to offer state-of-the-art end-to-end encryption and decentralized architecture but failed to deliver on these promises.
- Security researcher crnković found that the app collected metadata and used a third-party E2EE provider improperly, making messages easily readable.
- After the vulnerabilities were disclosed, Freedom Chat initially released an update but later withdrew the app from app stores to address the issues.
- CEO Tanner Haas relaunched the app with a rebrand, emphasizing lessons learned, yet responded poorly to criticism.
- The app's Channels feature exposed users' PINs to all channel members, compromising security.
- A script was developed to exploit the app's lack of rate limiting, leaking every user's phone number and PIN.
- Freedom Chat's response to the disclosure was slow, and fixes were promised but delayed.