QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft

  /     /     /  
Publicated : 23/11/2024   Category : security


QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft


QuickBlox users should update to the latest version of the platform in order to protect against several avenues of exploitation.



After digging into QuickBloxs software development kit and application programming interface (API),
Team 82 alongside Check Point Research
found that there were critical vulnerabilities putting the personal data of millions of people at risk.
QuickBlox is a chat and video calling platform in use across various industries, including finance and telemedicine. In researching the platforms vulnerabilities, Team 82 and Check Point Research pioneered several 
proof-of-concept exploits
for applications running the API. 
The teams also provided examples of how secret tokens and passwords in the QuickBlox architecture could allow threat actors to source information about QuickBlox users. The researchers found unique ways to exploit these vulnerabilities and carry out potential attacks, ultimately allowing them to remotely open doors using intercom features or leak patient information from a telemedicine platform.
Team82 and Check Point Research worked with QuickBlox to find solutions to the issues, including new architecture for its platform and a whole new API. Users of QuickBlox are advised to migrate to the latest versions for both updates.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
QuickBlox API Vulnerabilities Open Video, Chat Users to Data Theft