Security News > 2021 > February > Keybase secure messaging fixes photo-leaking bug – patch now!

Keybase secure messaging fixes photo-leaking bug – patch now!
2021-02-23 19:59

Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing "End-to-end encryption for things that matter."

If you copy an unencrypted file from a USB drive to your laptop, for example, before uploading it into a service such as Keybase, neither the Keybase app nor the Keybase servers can do anything about those two unencrypted copies of the file that now exist.

It's your choice what to do with your data while it's outside the Keybase system, and you wouldn't expect the app to mess with files that you hadn't explicitly entrusted to it.

You do expect security-conscious apps like Keybase to be cautious with how they handle any unencrypted data themselves, such as the text you type into a message or the content of an image file you want to send.

Well, a quadrumvirate of security researchers from a group going by had a dig around in the files that were created and used by Keybase while it was running.

The researchers were easily able to recover image files that had previously been used by Keybase but that users would assume no longer existed on their hard drive in unencrypted form.


News URL

https://nakedsecurity.sophos.com/2021/02/23/keybase-secure-messaging-fixes-photo-leaking-bug-patch-now/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Keybase 1 1 2 3 2 8