Posted On 08 May 2021
Up to 29,000 people who use the Passwordstate app have had their systems infected by a malicious update that harvested the app’s data and sent it to a server controlled by hackers. The creators of the app, Click Studios, informed customers that the upgrade process had been hijacked to place a file named “moserware.secretsplitter.dll” on their computers. This file could search the computer system for password data, which was then sent to the criminals’ server.
The attack and subsequent data compromise have highlighted the potential danger of password managers, which are usually recommended by IT experts to ensure that users have unique and complex passwords for every account. Clearly, if attackers can acquire access to the password manager, these features are not enough to prevent damage being done. It’s recommended that two-factor authentication be used at all times, so that a malicious actor cannot access accounts and data simply because they are in possession of the password. In the meantime, all users of Passwordstate should immediately instruct the app to create new passwords for all their protected accounts.
Ghosting in iOS Clubhouse App
A vulnerability has been found in the iOS-based Clubhouse app, which runs audio chat rooms for users and has become extremely popular during the pandemic. Essentially, users were able to “ghost” themselves, meaning that they could remain in a chat room without any other user or moderator knowing that they were there. The process of doing this is quite simple: all the user needs is two iPhones with different Clubhouse accounts. They can log in to a room with one phone, then log in to the same room with the other phone. At that point the first phone should be locked out. In fact, although the user’s avatar will disappear from the room, they will still be able to hear what’s going on and to make comments completely anonymously. This clearly has serious implications in terms of data protection, harassment, hate speech, etc. When users are being secretly monitored by anonymous entities, or those entities are making remarks with no fear of being sanctioned, whatever they say, the integrity of the chat room is compromised. However, Clubhouse have now addressed the issue and claim that they have fixed all bugs that allowed it to happen.