The messaging app Freedom Chat has fixed two security flaws. One flaw allowed a security researcher to guess the phone numbers of registered users. The other flaw exposed the PIN codes that users set to lock the app.
Freedom Chat was released in June and bills itself as a secure messaging service. It claims on its website that users’ phone numbers stay private. However, security researcher Eric Daigle told TechCrunch that these phone numbers and user PINs could be easily obtained by exploiting vulnerabilities.
Daigle discovered the vulnerabilities last week and shared the details with TechCrunch. He chose this route because Freedom Chat does not have a public vulnerability disclosure program for reporting security flaws. TechCrunch then alerted Freedom Chat founder Tanner Haas to the issues by email.
Haas confirmed that the app has now reset all user PINs and released a new version. He stated the company is removing instances where users’ phone numbers were occasionally visible. The company has also increased rate-limiting on its servers to prevent mass guessing attempts.
Daigle explained it was possible to identify the phone numbers of nearly 2,000 users who had signed up since launch. Freedom Chat’s servers allowed anyone to flood them with millions of phone number guesses to determine whether a number was stored. This technique is identical to one described by the University of Vienna in recent research, where academics matched phone numbers against WhatsApp’s servers.
Daigle also found that Freedom Chat was leaking users’ PIN codes. By using a network traffic inspection tool, he saw the app would respond with the PIN codes of every other user in the same public channel. This happened even though the PINs were not visible within the app’s interface.
According to Daigle, anyone in the default Freedom Chat channel, which users join automatically upon signing up, had their PIN broadcast to everyone else in that channel. Knowledge of a person’s PIN could allow someone to open the app on that user’s stolen device.
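The two failure modes above map to two well-understood server-side controls: an explicit allowlist of fields that a "channel members" response may contain, so a secret such as a lock PIN cannot be serialized into a response by accident, and per-client rate limiting on the phone-number lookup endpoint, the mitigation the company says it has since strengthened. The following is an added illustration written for this page, not Freedom Chat's code (which is not public); the user records, PINs, phone numbers and client identifiers are constructed sample data, and the function and class names are the author's own.

```python
import hashlib
import hmac
import os
import time
from collections import deque
from typing import Dict, List, Optional

# ---- 1. Field allowlisting for API responses -------------------------------

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash of a lock PIN; the plaintext PIN is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def make_user(user_id: str, display_name: str, phone: str, pin: str) -> Dict:
    """Build a constructed sample user record as the server would store it."""
    salt = os.urandom(16)
    return {
        "user_id": user_id,
        "display_name": display_name,
        "phone": phone,                    # private: never shown to other users
        "pin_salt": salt,                  # private
        "pin_hash": hash_pin(pin, salt),   # private
    }

def verify_pin(user: Dict, candidate: str) -> bool:
    """Constant-time check of a PIN against the stored hash."""
    return hmac.compare_digest(hash_pin(candidate, user["pin_salt"]), user["pin_hash"])

# Only these keys may ever appear in a channel-members response. Adding a new
# column to the user record cannot widen what other members can see.
PUBLIC_MEMBER_FIELDS = ("user_id", "display_name")

def member_view(user: Dict) -> Dict:
    return {k: user[k] for k in PUBLIC_MEMBER_FIELDS}

def channel_members_response(members: List[Dict]) -> List[Dict]:
    """Serialize channel members through the allowlist, never the raw record."""
    return [member_view(u) for u in members]

# Regression check for tests/CI: fail if a secret-bearing key is present
# anywhere in a payload about to be sent to a client.
SECRET_KEYS = {"pin", "pin_hash", "pin_salt", "phone", "password"}

def contains_secret(payload) -> bool:
    if isinstance(payload, dict):
        return any(k in SECRET_KEYS or contains_secret(v) for k, v in payload.items())
    if isinstance(payload, list):
        return any(contains_secret(v) for v in payload)
    return False

# ---- 2. Rate limiting a phone-number lookup endpoint -----------------------

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds per client key."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self._hits: Dict[str, deque] = {}

    def allow(self, client: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self._hits.setdefault(client, deque())
        while q and now - q[0] >= self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def lookup_phone(directory: Dict[str, Dict], limiter: SlidingWindowLimiter,
                 client: str, phone: str, now: float) -> str:
    """Contact-discovery lookup guarded by the limiter.

    Returns 'registered' or 'unknown', or 'rate_limited' once the client has
    used up its quota, so a single client cannot sweep a whole number range.
    """
    if not limiter.allow(client, now):
        return "rate_limited"
    return "registered" if phone in directory else "unknown"

if __name__ == "__main__":
    users = [make_user("u1", "alice", "+15550000001", "1234"),
             make_user("u2", "bob", "+15550000002", "9876")]
    print(channel_members_response(users))          # no PIN or phone fields
    print(contains_secret(channel_members_response(users)))  # False
```

The allowlist is the important half: a denylist check such as `contains_secret` only catches names it already knows, whereas `member_view` guarantees that a field must be deliberately added before it can ever reach a client. The limiter keys on a client identifier (API token, device id, or source address); a production deployment would also want a global budget across clients, since an attacker with many identities can otherwise spread guesses across them.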
In an app store update published on Sunday, Freedom Chat announced a critical reset. It stated a recent backend update had inadvertently exposed user PINs in a system response. The update clarified that no messages were ever at risk, and because the app does not support linked devices, conversations were never accessible. The company reset all PINs to ensure account security and reiterated that user privacy remains its top priority.
Freedom Chat is founder Tanner Haas’s second messaging app. His first app, Converso, was delisted from app stores following the disclosure of security flaws that exposed users’ private messages and content.