kouchat icon indicating copy to clipboard operation
kouchat copied to clipboard

Published 20 hours ago verified publisher icon blurpy

Impostor security

Open ghost opened this issue 7 years ago • 1 comments

Sending data without some system of verifying the sender can be reverse engineered and may allow hackers to send data as someone else. Take this example:

  1. The hacker receives a message with the sender's identifier (userCode)
  2. The hacker sends a message changing his sender's identifier to the previously received one.
  3. Sent message appears to be from the original sender instead of hacker

ghost avatar Dec 10 '17 02:12 ghost

You are right that there is no proper support for securing messages. This issue would probably be solved with encryption, as suggested in issue #5.

Doing as you suggest may look suspicious though, as the user being hijacked would appear to change ip address back and forth.

blurpy avatar Dec 11 '17 16:12 blurpy