Major security flaws in popular QuickBlox chat and video framework expose sensitive data of millions

Real-time chat and video services in telemedicine, finance, and smart IoT device applications used by millions of people rely on the popular QuickBlox framework. QuickBlox supplies mobile and web application developers with an SDK and APIs that deliver not only features such as user management and real-time public and private chat, but also security features that ensure compliance with HIPAA and GDPR.

Claroty Team82, in collaboration with Check Point Research (CPR), conducted a joint research project to look at the security of the QuickBlox SDK. Together, we uncovered a few major security vulnerabilities in the QuickBlox platform architecture that, if exploited, could allow threat actors to access tens of thousands of applications’ user databases and put millions of user records at risk.

Source: Check Point