Freedom Chat, a messaging application that markets itself on robust security and user privacy, has recently addressed two significant security flaws. These vulnerabilities, discovered by a security researcher, allowed for the potential exposure of users' registered phone numbers and their self-set PINs, which are used to lock the app.
The app, launched in June with promises of keeping user phone numbers private, came under scrutiny when security researcher Eric Daigle uncovered the weaknesses. Daigle informed TechCrunch that exploiting these vulnerabilities made it surprisingly easy to obtain sensitive user data, including phone numbers and PIN codes.
Researcher Uncovers Phone Number and PIN Vulnerabilities
Daigle identified the flaws last week and shared his findings with TechCrunch, noting that Freedom Chat lacked a public vulnerability disclosure program. TechCrunch subsequently alerted Tanner Haas, the founder of Freedom Chat, via email.
One critical flaw allowed for the enumeration of user phone numbers. Daigle, who published his detailed findings in a blog post, demonstrated that it was possible to identify the phone numbers of nearly 2,000 users who had signed up for Freedom Chat since its launch. He explained that the app's servers permitted mass-guessing attempts, allowing anyone to flood the system with millions of phone number queries to determine if a number was associated with a registered user. This technique mirrors a method described by the University of Vienna in a recent study that exposed data on billions of WhatsApp accounts.
The second major vulnerability involved the leakage of user PIN codes. By using an open-source network traffic inspection tool, Daigle observed that the app would inadvertently broadcast the PINs of other users within the same public channel. This occurred even though these PINs were never visibly displayed within the app's interface. According to Daigle, anyone subscribed to the default Freedom Chat channel—to which users are automatically added upon registration—had their PIN openly transmitted to all other channel members. Such exposure could enable unauthorized access to a user's account from a stolen device.
Freedom Chat Responds with Fixes and Resets
In response to the disclosure, Tanner Haas confirmed to TechCrunch that Freedom Chat has taken action. The company has reset all user PINs and released a new version of the app to address the vulnerabilities. Haas also stated that the company is actively removing instances where user phone numbers were occasionally visible and has implemented stricter rate-limiting on its servers to prevent future mass-guessing attempts.
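The two fixes described above (rate-limiting the phone-number lookup endpoint, and removing PINs from server responses) are easier to reason about with a minimal server-side model. The following is a constructed example written for this article; it is not Freedom Chat's code, and the class names, field names, limits and sample phone numbers are assumptions chosen for illustration. The limiter charges one unit per phone number queried, so splitting a mass guess into small batches gains nothing, and the member serializer is an allow-list, so a new backend field cannot leak simply by being added to the user record.

```python
"""Defensive model of the two fixes: rate-limited contact discovery and an
allow-list response serializer. Constructed example, not Freedom Chat's code."""
import time
from collections import deque
from dataclasses import dataclass


class SlidingWindowLimiter:
    """Allow at most `limit` units per `window_seconds` for each client key.
    `clock` is injectable so behaviour can be tested deterministically."""

    def __init__(self, limit: int, window_seconds: float, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._hits: dict[str, deque] = {}

    def allow(self, key: str, cost: int = 1) -> bool:
        now = self.clock()
        q = self._hits.setdefault(key, deque())
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) + cost > self.limit:
            return False  # whole batch rejected; nothing is partially answered
        q.extend([now] * cost)
        return True


# Constructed sample data standing in for the registration database.
REGISTERED_PHONES = {"+15550001111", "+15550002222"}


def lookup_contacts(client_key: str, phones: list[str],
                    limiter: SlidingWindowLimiter) -> dict:
    """Batched contact discovery. The limiter is charged once per number, so a
    client cannot enumerate faster by sending many small batches."""
    if not limiter.allow(client_key, cost=len(phones)):
        return {"status": 429, "results": {}, "retry_after": limiter.window}
    return {"status": 200,
            "results": {p: (p in REGISTERED_PHONES) for p in phones}}


@dataclass
class User:
    id: int
    phone: str         # private: only the owner may see it
    display_name: str
    pin_hash: str      # secret: must never leave the server


# Allow-list of fields a channel member listing may expose. Anything not
# named here is withheld, regardless of what the User record contains.
PUBLIC_MEMBER_FIELDS = ("id", "display_name")


def serialize_member(user: User) -> dict:
    return {f: getattr(user, f) for f in PUBLIC_MEMBER_FIELDS}


def channel_members_response(members: list[User]) -> dict:
    return {"members": [serialize_member(u) for u in members]}


SECRET_FIELDS = ("pin", "pin_hash", "phone")


def response_leaks_secret(payload, secret_fields=SECRET_FIELDS) -> bool:
    """Regression check: walk a JSON-like payload and flag any secret key.
    Useful as a test on every endpoint that returns other users' records."""
    if isinstance(payload, dict):
        return any(k in secret_fields or response_leaks_secret(v, secret_fields)
                   for k, v in payload.items())
    if isinstance(payload, list):
        return any(response_leaks_secret(v, secret_fields) for v in payload)
    return False


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(limit=5, window_seconds=60)
    print(lookup_contacts("client-a", ["+15550001111", "+15559999999"], limiter))
    print(lookup_contacts("client-a", ["+1555000%04d" % i for i in range(10)], limiter))
    resp = channel_members_response([User(1, "+15550001111", "alice", "hash-placeholder")])
    print(resp, "leaks:", response_leaks_secret(resp))
```

The `response_leaks_secret` check is the part worth wiring into a test suite: the app store notice says a backend update exposed PINs "in a system response", which is exactly the class of regression an allow-list serializer plus a payload walk catches before deployment.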
An app store update published on Sunday by Freedom Chat acknowledged the issue:
"A critical reset: A recent backend update inadvertently exposed user PINs in a system response. No messages were ever at risk, and because Freedom Chat does not support linked devices, your conversations were never accessible; however, we’ve reset all user PINs to ensure your account stays secure. Your privacy remains our top priority."
A Pattern of Security Concerns
This incident is not the first time Tanner Haas has faced security challenges with a messaging application. Freedom Chat is Haas's second venture in the messaging space, following Converso. Converso was previously delisted from app stores after security flaws were revealed that exposed users' private messages and content, raising questions about the consistent security practices across his applications.