QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft

QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.

Dark Reading Staff, Dark Reading

July 12, 2023


After digging into QuickBlox's software development kit (SDK) and application programming interface (API), Team82 and Check Point Research found critical vulnerabilities that put the personal data of millions of people at risk.

QuickBlox is a chat and video calling platform in use across various industries, including finance and telemedicine. In researching the platform's vulnerabilities, Team82 and Check Point Research developed several proof-of-concept exploits for applications running the API.

The teams also provided examples of how secret tokens and passwords in the QuickBlox architecture could allow threat actors to obtain information about QuickBlox users. The researchers found unique ways to exploit these vulnerabilities and carry out potential attacks, ultimately allowing them to remotely open doors using intercom features or leak patient information from a telemedicine platform.

Team82 and Check Point Research worked with QuickBlox to find solutions to the issues, including a new architecture for its platform and a whole new API. Users of QuickBlox are advised to migrate to the latest versions to pick up both updates.
