Jack Dorsey's New App Just Hit a Very Embarrassing Snag
Briefly

Jack Dorsey's new open source messaging app, Bitchat, aims to be decentralized, private, and secure. However, it has been reported that the app lacks adequate security measures. Bitchat's GitHub notes that it has not undergone external security reviews and may have vulnerabilities. After the app's launch, security researchers discovered issues such as impersonation due to broken identity authentication. A coder filed a GitHub ticket about the problem, but the response from Dorsey raised concerns. Some users have advised caution regarding the app's security claims.
This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed.
Alex Radocea explained that he was able to impersonate other users on the app because of its broken identity authentication/verification - a completely avoidable issue had Bitchat's creators just done a bit more legwork on building out the security protocols.
Security is a great feature to have for going viral, but a basic sanity check... would be a very obvious thing to test when building something like this.
Radocea cautions potential users not to trust Bitchat's security-forward claims just yet - especially given that others have found unique vulnerabilities of their own.
Read at Futurism