Messaging app JusTalk is spilling millions of unencrypted messages

Published by
Peter Kavinsky

Popular video calling and messaging app JusTalk claims to be both secure and encrypted. But a security lapse has proven the app to be neither secure nor encrypted after a huge cache of users’ unencrypted private messages was found online.

The messaging app is widely used across Asia and has a booming international audience with 20 million users globally. Google Play lists JusTalk Kids, billed as its child-friendly and compatible version of its messaging app, as having more than 1 million Android downloads.

JusTalk says both its apps are end-to-end encrypted — where only the people in the conversation can read its messages — and boasts on its website that “only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won’t access your data!”

But a review of the huge cache of internal data, seen by TechCrunch, proves those claims are not true. The data includes millions of JusTalk user messages, along with the precise date and time they were sent and the phone numbers of both the sender and recipient. The data also contained records of calls that were placed using the app.

Security researcher Anurag Sen found the data this week and asked TechCrunch for help in reporting it to the company. Juphoon, the China-based cloud company behind the messaging app, said it spun out the service in 2016 and that the service is now owned and operated by Ningbo Jus, a company that appears to share the same office as listed on Juphoon’s website. But despite multiple efforts to reach JusTalk’s founder Leo Lv and other executives, our emails were not acknowledged or returned, and the company has shown no attempt to remediate the spill. A text message to Lv’s phone was marked as delivered but not read.

Because each message recorded in the data contained every phone number in the same chat, it was possible to follow entire conversations, including from children who were using the JusTalk Kids app to chat with their parents.

The internal data also included the granular locations of thousands of users collected from users’ phones, with large clusters of users in the United States, United Kingdom, India, Saudi Arabia, Thailand and mainland China.

According to Sen, the data also contained records from a third app, JusTalk 2nd Phone Number, which allows users to generate virtual, ephemeral phone numbers to use instead of giving out their private cell phone number. A review of some of these records reveals both the user’s cell phone number and every ephemeral phone number they generated.

We’re not disclosing where or how the data is obtainable, but are weighing in favor of public disclosure after we found evidence that Sen was not alone in discovering the data.

This is the latest in a spate of data spills in China. Earlier this month a huge database of some 1 billion Chinese residents was siphoned from a Shanghai police database stored in Alibaba’s cloud and portions of the data were published online. Beijing has yet to comment publicly on the leak, but references to the breach on social media have been widely censored.

Source: TechCrunch

Peter Kavinsky

Peter Kavinsky is the Executive Editor at cablefreetv.org
