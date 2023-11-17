chat nothing

Despite the Nothing Company co-founder claiming that its chat service linking to iMessage will be end-to-end encrypted, the source code reveals quite the opposite.

The makers of Nothing Phone (2) announced Nothing Chats on November 14. It’s a service that allows Android users to send messages in iPhone-style blue bubbles – assuming they’re willing to log in to a remote server with their Apple ID.

Nothing requires users to have a phone (2) to access Nothing Chat. The iMessage-like technology comes from Sunbird, a New York-based technology company, and is integrated into the Nothing message application.

The Text team took a quick look at the technology behind Nothing Chat and found it to be extremely insecure It’s not even using HTTPS, credentials are sent over plaintext HTTP The backend is running an instance of BlueBubbles, which does not yet support end-to-end encryption pic.twitter.com/IcWyIbKE86 – Kishan Bagaria (@KishanBagaria) 17 November 2023

On Friday, the Texts.com founder tweeted that his team “took a quick look” at the code behind Nothing Chats and found it to be vulnerable.

“It’s not even using HTTPS, the credentials are sent over plaintext HTTP,” Kishan Bagaria said.

Exposing data with insecure protocols

The primary concern is the absence of HTTPS (Hypertext Transfer Protocol Secure) in the service’s communication protocol. HTTPS, a fundamental security standard for modern Internet communications, encrypts data between a user’s device and a server.

This lack of encryption means that sensitive information, including login credentials, is sent over the Internet using plaintext HTTP. Using that method is unsafe because it allows relatively easy interception of data by third parties, especially on unsecured networks.

The investigation revealed that Nothing Chats uses a backend powered by Bluebubbles, a messaging service known for lacking end-to-end encryption. End-to-end encryption is a key feature in secure messaging, ensuring that only the users communicating can read the messages.

The absence of this encryption means that messages can potentially be accessed by the service provider or intercepted by external entities, posing a significant privacy threat.

Nothing has come yet to answer the claims.

secure messaging solution

According to Nothing, the primary reason behind its messaging app was to entice iPhone users of its earbuds to fully commit to their smartphones. The company determined that messaging barriers prevented iPhone users from switching platforms, particularly the stigma associated with being the only person in a group chat with Android green bubble messages instead of the typical Apple blue messages.

“We were like, how can we do something about this?” Carl Pei said nothing. “And started looking at different teams working on this problem… and we came across the Sunbird team.”

Echoing major companies like Google and Samsung, Nothing also noted Apple’s lack of support for RCS in iMessage. It further claimed that Apple’s reluctance to adopt RCS puts user privacy at risk.

Fortunately, Apple announced on November 16 that it will add RCS Universal Profiles to iMessage, possibly with iOS 18 in 2024. Although that profile does not include Google’s version of end-to-end encryption, Apple is working with industry body GSMA on the possible inclusion of an industry-wide encryption standard.

Source: appleinsider.com