Sunbird said it was investigating security issues raised with the Nothing Chats iMessage app and recently notified users that the service had been paused. The company stated, “We will inform you when we are ready to proceed.” So why was Sunbird closed?Messages were not encrypted!
For those who don’t know, the Sunbird app was released in late 2022 and started with a limited number of users. Sunbird is an application that combines the world’s most popular messaging applications in a single application, with support for iMessage, SMS/MMS, Messenger and WhatsApp. Sunbird attracted attention especially by making iMessage on iPhones available on Android phones. Sunbird said that messages from Android to iPhone are end-to-end encrypted, but a question mark arose.
Signing in with Apple ID is not secure
Last week, Sunbird collaborated with Nothing to release Nothing Chats, an iMessage-compatible messaging app. Nothing Chats required users to sign in with their Apple ID. As a result of the research, it was revealed that users’ Apple ID information was sent to Sunbird servers. Apple ID login information was being sent over unencrypted HTTP. Thereupon, Nothing Chats was removed from the Google Play Store less than 24 hours after its release.
It was not mentioned in the statement!
However, neither Nothing nor Sunbird mentioned the security vulnerability in their statement on the subject on the social networking platform. A statement was made that the application would be re-released after the bug fixes. Existing Nothing Chats and Sunbird users are advised to change their Apple ID password, uninstall the app, and follow additional steps to delete their data.
41007
