Confide, an allegedly secure messaging app reportedly used by many White House staffers, has had some major vulnerabilities. IOActive, a security consultancy firm, says the app’s security holes enabled the firm to access 7,000 user records through Confide’s account management system.
The holes were found in the app’s API, which could be exploited to reveal information like phone numbers and email addresses.
These kinds of issues are exactly the opposite of what users would expect from Confide, given that it promotes itself as offering “military-grade” encryption.
It has a self-destructing message feature that is said to be popular in the White House.
Confide was found to be ignoring typical security recommendations. It allowed users to pick weak passwords and didn’t protect against brute-force attacks. Some of the app’s data also wasn’t secure because its notification system failed to use a valid SSL server certificate, thereby exposing users.
The app has fixed these issues.