QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft
QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.
After digging into QuickBlox's software development kit and application programming interface (API), Team82, alongside Check Point Research, found critical vulnerabilities that put the personal data of millions of people at risk.
QuickBlox is a chat and video calling platform in use across various industries, including finance and telemedicine. While researching the platform's vulnerabilities, Team82 and Check Point Research developed several proof-of-concept exploits for applications running the API.
The teams also provided examples of how secret tokens and passwords in the QuickBlox architecture could allow threat actors to source information about QuickBlox users. The researchers found unique ways to exploit these vulnerabilities and carry out potential attacks, ultimately allowing them to remotely open doors using intercom features or leak patient information from a telemedicine platform.
Team82 and Check Point Research worked with QuickBlox to find solutions to the issues, including a new architecture for its platform and a whole new API. Users of QuickBlox are advised to migrate to the latest versions of both.