Submission + - Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted
chicksdaddy writes: The Security Ledger reports (https://securityledger.com/2021/02/exclusive-flaws-in-zooms-keybase-app-kept-chat-images-from-being-deleted/ ) that a flaw in Zoom’s Keybase (https://keybase.io/blog/keybase-joins-zoom) secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the group Sakura Samurai. (https://sakurasamurai.pro/)
The flaw in the encrypted messaging application, CVE-2021-23827(https://johnjhacking.com/blog/cve-2021-23827/) does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months.
Sakura Samurai researchers Aubrey Cottle (@kirtaner), Robert Willis (@rej_ex) and Jackson Henry (@JacksonHHax) discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger.
In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security “very seriously.”
“We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,” the spokesman said.
In most cases, the failure to remove files from cache after they were deleted would count as a “low priority” security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote.
“An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues.”
The flaw in the encrypted messaging application, CVE-2021-23827(https://johnjhacking.com/blog/cve-2021-23827/) does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months.
Sakura Samurai researchers Aubrey Cottle (@kirtaner), Robert Willis (@rej_ex) and Jackson Henry (@JacksonHHax) discovered an unencrypted directory,
In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security “very seriously.”
“We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,” the spokesman said.
In most cases, the failure to remove files from cache after they were deleted would count as a “low priority” security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote.
“An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently. A user, believing that they are sending photos that can be cleared later, may not realize that sent photos are not cleared from the cache and may send photos of PII or other sensitive data to friends or colleagues.”
Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted More Login
Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted
Slashdot Top Deals