Jack Dorsey’s new private Bitchat app is not tested for security

Experts are already raising serious concerns about its safety.

Jack Dorsey recently launched a new messaging app called Bitchat, which he claims is secure, private, and does not depend on the internet. 

Instead of sending messages through Wi-Fi or mobile data, Bitchat uses Bluetooth and end-to-end encryption, meaning only the people involved in a chat can read the messages. 

Because it doesn’t rely on centralized servers, Dorsey believes it could be especially useful in situations where internet access is limited or monitored.

However, experts are already raising serious concerns about its safety. 

In fact, Dorsey himself later added a warning on the app’s GitHub page, saying the app has not been tested for security and may contain flaws. (Via: TechCrunch)

He urged people not to use it seriously until it’s been fully reviewed.

One security expert, Alex Radocea, tested Bitchat and discovered that someone could pretend to be someone else on the app. 

This is because Bitchat’s system for verifying identity, which is supposed to let users know they are talking to the same person as before, is not functioning properly. 

The app uses a “Favorites” system with a star icon to show trusted contacts, but this system can be tricked by hackers.

Radocea reported the problem on GitHub. Dorsey at first marked the issue as “completed,” but he later reopened it, allowing security problems to be posted publicly.

Other people also found possible issues in Bitchat, including:

  • A claim about “forward secrecy” that might not be accurate (this is a feature that protects past messages even if encryption keys are stolen).
  • A possible buffer overflow bug, which could let hackers access sensitive data.

Radocea warned that people should not trust Bitchat yet, especially if their safety depends on it. He criticized Dorsey for making bold claims about security without doing basic checks. 

In his words: “Security sounds good, but it has to actually work — otherwise it can put people in danger.”

Ronil is a Computer Engineer by education and a consumer technology writer by choice. Over the course of his professional career, his work has appeared in reputable publications like MakeUseOf, TechJunkie, GreenBot, and many more. When not working, you’ll find him at the gym breaking a new PR.