4, December, 2023

Privacy Concerns Surrounding Nothing Chats: Sunbird’s iMessage Support on Android Falls Short


Sunbird has been promising iMessage support on Android for nearly a year, but recent developments have unveiled unsettling privacy issues. The recently launched Nothing Chats, built on the Sunbird platform, has failed to deliver on its end-to-end encryption promises. Contrary to assurances, user data, including images, is easily accessible in plain text.


The concept behind Sunbird and Nothing Chats involves providing iMessage support for Android users by having them log in to their Apple ID through the app, routing the login through a Mac server farm. Although this method is not unique, Sunbird emphasized maintaining end-to-end encryption throughout the entire process.

However, recent revelations contradict these claims. Twitter user “Wukko” disclosed that Nothing Chats sends all media attachments, including user images, to Sentry, with links visible in plain text. Additionally, all data is sent and stored through Firebase without any encryption.

Independent confirmation by media supports Wukko’s findings. Research by Dylan Roussel revealed that once a user authenticates with insecure JSON Web Tokens (JWT) in transit, they can access Nothing Chats’ Firebase database, exposing messages and files from other users in real time and in plain text. Notably, vCards containing sensitive user information, such as names, phone numbers, and email addresses, are easily accessible.
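
The exposure described above, where any authenticated user can read other users' data, is something a team can check for in its own database rules. The following is an added example, not code from the article, Sunbird, or Nothing: it assumes Firebase Realtime Database rules in JSON form, and the sample rules and path names are constructed.

```python
import json
import re

# Constructed sample rules (NOT the actual Sunbird/Nothing configuration).
SAMPLE_RULES = json.loads("""
{"rules": {
  "messages":    {".read": "auth != null", ".write": "auth != null"},
  "attachments": {"$uid": {".read": "auth != null && auth.uid === $uid",
                           ".write": "$uid === auth.uid"}},
  "status":      {".read": true}
}}
""")

# Heuristic: a rule is bound to the caller if it compares auth.uid with
# something or checks a custom claim under auth.token.
BOUND = re.compile(r"auth\.(uid\s*={2,3}|token\.)|={2,3}\s*auth\.uid")


def classify(expr):
    """Return 'public', 'any-authenticated', or None if the rule looks scoped."""
    if expr is True or str(expr).strip() == "true":
        return "public"
    text = str(expr)
    if "auth" in text and not BOUND.search(text):
        return "any-authenticated"  # e.g. "auth != null": every signed-in user
    return None


def audit(node, path=""):
    """Walk the rules tree and return (path, operation, finding) tuples.

    Realtime Database rules cascade: access granted at a parent path cannot
    be revoked deeper in the tree, so one broad rule exposes its whole subtree.
    """
    findings = []
    for key, value in node.items():
        if key in (".read", ".write"):
            finding = classify(value)
            if finding:
                findings.append((path or "/", key, finding))
        elif isinstance(value, dict):
            findings.extend(audit(value, f"{path}/{key}"))
    return findings


if __name__ == "__main__":
    for path, op, finding in audit(SAMPLE_RULES["rules"]):
        print(f"{path} {op}: {finding}")
```
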

Sunbird, via Firebase, currently stores over 630,000 media files, including images, videos, PDFs, and audio. While Sunbird doesn’t store user data on its servers, the data is still vulnerable to security breaches.

A blog post highlighted how easily the download of this information can be automated with minimal code. A demonstration showed an iMessage that was supposedly “end-to-end encrypted” appearing in plain text, emphasizing the severity of the vulnerability. A proof of concept was shared on GitHub to illustrate the exploit.

This privacy nightmare came to light on November 17, prompting immediate notification to Nothing, despite the lack of a dedicated point of contact for security issues. In response, it appears that Nothing and Sunbird may have blocked app downloads on the Play Store, signaling a potential awareness of the issue.


The accessibility of image files is just the tip of the iceberg. The broader concern is the apparent lack of due diligence by Nothing in uncovering this vulnerability during the partnership’s development. The question arises: if this flaw was discovered within 24 hours by multiple users, what other potential security issues remain undiscovered? Users are strongly advised against downloading Nothing Chats or Sunbird in light of these revelations.
