- cross-posted to:
- cybersecurity@sh.itjust.works
- technology@beehaw.org
I… don’t think I’ve ever read about the ball being dropped this hard on anything before. This is incredible.
Holy shit. Talk about getting owned.
Interesting reading, thanks!
Thanks for sharing. Such an interesting read. I’ve read many times about databases being exposed publicly, but when a company explicitly states they are using state-of-the-art security and drags other companies through the mud… Man, that really takes the cake.
I shudder to think what it must be like to be a developer there, knowing they’re lying so blatantly.
In the timeline at the bottom it says:
2023-05-05: Converso asks: ‘How were you able to decompile the source code of the app and what do you think should be done to protect against that in the future?’
So I think some of the devs were in way over their heads too!
The fundamental problem with cryptography is that it’s significantly harder to create a system that others can’t crack than to create a system that you yourself can’t crack.
I get that building secure communication from scratch is hard, but claiming those things is just outrageous. I see absolutely nothing for them to gain for making such an app with unsubstantiated claims.
In the list of features of their app, they’ve somehow “trademarked” Sensors Off™ and Screenshot Protect™, like they’re some kind of novel features.