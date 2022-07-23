U.S. markets closed

  • S&P 500

    3,961.63
    -37.32 (-0.93%)
     

  • Dow 30

    31,899.29
    -137.61 (-0.43%)
     

  • Nasdaq

    11,834.11
    -225.50 (-1.87%)
     

  • Russell 2000

    1,806.88
    -29.81 (-1.62%)
     

  • Crude Oil

    95.09
    -1.26 (-1.31%)
     

  • Gold

    1,725.30
    +11.90 (+0.69%)
     

  • Silver

    18.49
    -0.23 (-1.22%)
     

  • EUR/USD

    1.0220
    -0.0012 (-0.11%)
     

  • 10-Yr Bond

    2.7830
    -0.1270 (-4.36%)
     

  • GBP/USD

    1.1998
    +0.0001 (+0.01%)
     

  • USD/JPY

    136.0500
    -1.3170 (-0.96%)
     

  • BTC-USD

    22,846.17
    -221.18 (-0.96%)
     

  • CMC Crypto 200

    509.81
    -9.44 (-1.82%)
     

  • FTSE 100

    7,276.37
    +5.86 (+0.08%)
     

  • Nikkei 225

    27,914.66
    +111.66 (+0.40%)
     

Messaging app JusTalk is spilling millions of unencrypted messages

Zack Whittaker
·3 min read

Popular video calling and messaging app JusTalk claims to be both secure and encrypted. But a security lapse has proven the app to be neither secure nor encrypted after a huge cache of users' unencrypted private messages was found online.

The messaging app is widely used across Asia and has a booming international audience with 20 million users globally. Google Play lists JusTalk Kids, billed as its child-friendly and compatible version of its messaging app, as having more than 1 million Android downloads.

JusTalk says both its apps are end-to-end encrypted — where only the people in the conversation can read its messages — and boasts on its website that "only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won't access your data!"

But a review of the huge cache of internal data, seen by TechCrunch, proves those claims are not true. The data includes millions of JusTalk user messages, along with the precise date and time they were sent and the phone numbers of both the sender and recipient. The data also contained records of calls that were placed using the app.

Security researcher Anurag Sen found the data this week and asked TechCrunch for help in reporting it to the company. Juphoon, the China-based cloud company behind the messaging app said it spun out the service in 2016 and is now owned and operated by Ningbo Jus, a company that appears to share the same office as listed on Juphoon's website. But despite multiple efforts to reach JusTalk's founder Leo Lv and other executives, our emails were not acknowledged or returned, and the company has shown no attempt to remediate the spill. A text message to Lv's phone was marked as delivered but not read.

Because each message recorded in the data contained every phone number in the same chat, it was possible to follow entire conversations, including from children who were using the JusTalk Kids app to chat with their parents.

The internal data also included the granular locations of thousands of users collected from users' phones, with large clusters of users in the United States, United Kingdom, India, Saudi Arabia, Thailand and mainland China.

According to Sen, the data also contained records from a third app, JusTalk 2nd Phone Number, which allows users to generate virtual, ephemeral phone numbers to use instead of giving out their private cell phone number. A review of some of these records reveal both the user's cell phone number as well as every ephemeral phone number they generated.

We're not disclosing where or how the data is obtainable, but are weighing in favor of public disclosure after we found evidence that Sen was not alone in discovering the data.

This is the latest in a spate of data spills in China. Earlier this month a huge database of some 1 billion Chinese residents was siphoned from a Shanghai police database stored in Alibaba’s cloud and portions of the data were published online. Beijing has yet to comment publicly on the leak, but references to the breach on social media have been widely censored.

A huge data leak of 1 billion records exposes China’s vast surveillance state

Recommended Stories

  • Daily Crunch: 'I’ve gotten beat' on my 'Shark Tank' bets, Mark Cuban admits

    Grab your calendar and mark November 17, 2022, on it, and then snag yourself an airline ticket to Miami, Florida. Domo Arigato: If you missed yesterday’s TC Sessions: Robotics, Matt has a great recap so you can get yourself up to speed.

  • Google fires researcher who claimed LaMDA AI was sentient

    After public claims that Googe's LaMDA had attained sentience and even possessed a soul, researcher Blake Lemoine has been let go.

  • Verizon Shares See Biggest Loss Since 2008 After Outlook Cut

    (Bloomberg) -- Verizon Communications Inc. shares plunged to their biggest drop in 14 years after the mobile-phone company cut its forecast for the second straight quarter, adding to concerns that consumers are pulling back on spending.Most Read from BloombergThree Arrows Founders Break Silence Over Collapse of Crypto Hedge FundTrump Insiders Recall How He Spurned Pleas to Act as Riot RagedAmericans Who Can’t Afford Homes Are Moving to Europe InsteadMusk Lieutenant Scrutinized in Internal Tesla

  • Nokia Explores Sale of Managed Services Business

    (Bloomberg) -- Nokia Oyj is weighing a sale of its managed services business, people familiar with the matter said.Most Read from BloombergThree Arrows Founders Break Silence Over Collapse of Crypto Hedge FundTrump Insiders Recall How He Spurned Pleas to Act as Riot RagedAmericans Who Can’t Afford Homes Are Moving to Europe InsteadMusk Lieutenant Scrutinized in Internal Tesla Purchasing ProbeStocks End Three-Day Rally on Tech, Growth Woes: Markets WrapThe Finnish telecommunications company is wo

  • Intuit's Charts Have Turned Up From a Base Pattern

    In this daily bar chart of INTU, below, we can see that prices have been bottoming for the past three months. The On-Balance-Volume (OBV) line shows an advance from May and tells us that buyers of INTU have become more aggressive than sellers. The OBV line shows a decline from November but perhaps a bottom in recent weeks.

  • Meta's Facebook revamping main feed to attract younger users

    Meta executives have voiced increased urgency in recent months around boosting the company's "Reels" product, similar to TikTok's short video format that has attracted many younger users. "Home", Facebook's main news feed tab that users will see when they open the app, will start more heavily featuring popular posts from accounts that users do not follow, including Reels and Stories, Meta said in a statement. Facebook will suggest posts to users with its machine learning ranking system and is investing in artificial intelligence (AI) to serve recommended content, it added.

  • Robot dog outfitted with machine gun in Russia brings us closer to real-life ‘Black Mirror’

    A robot dog modified to include a machine gun on the top half of its body has captured the attention of the internet with its sophisticated design resembling something out of a sci-fi thriller. As shown in the video, which has garnered over 7.3 million views on Twitter, a silver-colored robot dog runs along a firing range as it opens fire on various targets. All the people who laughed off the “worrywarts” years ago for freaking out about the Funny Dancing Robot Dogs (tm) should be forced to watch this video once a day for the remainder of the year.

  • Dogecoin's DOGE Sees Volatile Trading After Upgrade

    Dogecoin regressed Wednesday's gains even as the upgrade went live.

  • Credit Suisse Analyzes Oracle Accelerating Lift-And-Shift To OCI With Friendly Cloud Rival

    Oracle Corp (NYSE: ORCL) launched the Oracle Database Service for Microsoft Corp (NASDAQ: MSFT) Azure, an Oracle-managed service for Azure customers to provision, access, and operate Oracle Database services in Oracle Cloud Infrastructure (OCI) directly within Azure. The update reinforced Credit Suisse analyst Phil Winslow's view that Oracle is ready to emerge as the #3 or #4 vendor in the PaaS/IaaS market. Oracle customers who depend on Microsoft technology could use OCI-Azure Interconnect to c

  • Anti-Instagram App BeReal Takes Top Spot on Apple Despite Crashes

    (Bloomberg) -- BeReal, a social media app dubbed the anti-Instagram, has soared in popularity in recent weeks despite numerous complaints that it crashes at a critical moment. Most Read from BloombergThree Arrows Founders Break Silence Over Collapse of Crypto Hedge FundTrump Insiders Recall How He Spurned Pleas to Act as Riot RagedAmericans Who Can’t Afford Homes Are Moving to Europe InsteadMusk Lieutenant Scrutinized in Internal Tesla Purchasing ProbeStocks End Three-Day Rally on Tech, Growth W

  • With The Merge on the Verge Buterin Previews The Surge Ethereum's Chief Scientist Says Network Will Be Halfway Complete After Shift to PoS

    Ethereum's Chief Scientist Says Network Will Be Halfway Complete After Shift to PoS

  • T-Mobile and Apple to sell small-business connectivity plan

    T-Mobile US Inc said on Thursday it was working with Apple Inc to offer a mobile phone plan that will include subsidized iPhones and a suite of paid services from Apple aimed at small-business owners. The deal will help Apple with distribution of Business Essentials, a paid service it started last year for businesses with small or non-existent IT departments who still need to manage fleets of iPhones and other Apple devices for their workers. The Apple service, which ranges between $2.99 and $12.99 per month per employee, lets a businesses install and update apps and provide cloud storage to employees.

  • Ethereum supply to shrink after 'Merge' upgrade, says Vitalik Buterin

    Ethereum will change its monetary policy in the long-awaited 'Merge' upgrade, with the annual issuance of its ether cryptocurrency to be slashed by up to 90%.

  • Verizon Shares Drop After Reporting Flat Q2 Revenue Growth, FY22 Guidance Cut

    Verizon Communications Inc (NYSE: VZ) reported a flat second-quarter FY22 sales growth year-on-year to $33.79 billion, beating the consensus of $33.77 billion. Adjusted EPS of $1.31 missed the consensus of $1.32. Total wireless service revenue was $18.4 billion, up 9.1% Y/Y, reflecting the company's ownership of TracFone, further progress on its premium Unlimited strategy, and substantial Business volumes. Service and other revenue were down 3.9% due to revenues lost from Verizon Media Group. Th

  • Microsoft To Block This Vital MS Office Feature Soon

    Microsoft Corp (NASDAQ: MSFT) confirmed blocking Visual Basic Applications (VBA) macros in Office apps by default from July 27. Microsoft had quietly rolled back the change earlier this month, citing unspecified "user feedback," the TechCrunch reports. Microsoft believed that the initial rollout in June caused issues for organizations using macros to automate routine processes, such as data collection or running specific tasks. Microsoft acknowledged pausing the rollout to make some additional c

  • Top Tech Stocks for August 2022

    The technology sector is composed of businesses that sell goods and services in electronics, software, computers, artificial intelligence (AI), and other industries related to information technology (IT). The sector includes companies with the largest market capitalizations in the world, such as Apple Inc., Microsoft Corp., and Amazon.com Inc. Tech stocks, represented by the Technology Select Sector SPDR Fund (XLK), have slightly outperformed the broader market over the past year.

  • Binance Says It Doesn't Stake or Lend 'Locked' Dogecoin

    Binance's clarification comes after Twitterati questioned the inner working of the staking product dedicated to proof-of-work coins.

  • Sharing your Google Calendar can be done in three easy steps. Here's what you need to do.

    Google Calendar's sharing capabilities make it a useful tool. Here's how to share yours in three easy steps, starting by going to My Calendars.

  • Here's Why Minecraft Says NFTs And Other Blockchain Technology 'Does Not Align With' Its Values

    Minecraft has made it clear that blockchain technology is not welcome.

  • Can Crypto Be Hacked?

    Investors worldwide have swarmed on Bitcoin and other cryptocurrencies, lured by the promise of quick riches regardless of the risks. Bitcoin's success has fueled legions of follow-on projects, imitators, and fans. There are weaknesses that hackers can exploit, which means your cryptocurrency can be hacked; however, it can only be done in certain scenarios.