Jack Dorsey says that the new “secure” Bitchat has not been tested for security


On Sunday, the CEO of Block and founder of Twitter, Jack Dorsey, launched an open source chat application called Bitchat, promising to provide “secure” and “private” messaging without central infrastructure.

The application relies on Bluetooth and end-to-end encryption, unlike traditional internet-based messaging applications. By being decentralized, Bitchat has the potential to be a secure application in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the application's protocols and privacy mechanisms, the design of the Bitchat system “gives priority”.

But the claims that the application is secure are already facing scrutiny from security researchers, given that the application and its code have not been reviewed or tested for security issues at all – by Dorsey's own admission.

Since launching, Dorsey has added a warning to Bitchat's GitHub page: “This program has not received an external security review and may contain weaknesses and does not necessarily meet its declared security goals. Do not use it for production use, and do not depend on its security at all until it is reviewed.”

This warning now also appears on Bitchat's main GitHub project page, but it was not there when the application first launched.

As of Wednesday, Dorsey added: “Work in progress,” alongside the warning on GitHub.

This latest disclaimer came after security researcher Alex Radocea found that it is possible to impersonate another person and trick that person's contacts into believing that they are talking to the legitimate contact, as the researcher explained in a blog post.

Radocea wrote that Bitchat has a “broken identity authentication/verification” system that allows an attacker to intercept someone's “identity key” and “peer id pair” – basically a digital handshake that is supposed to establish a trusted connection between two people who use the application. Bitchat calls these “Favorite” connections and marks them with a star icon. The goal of this feature is to allow Bitchat users to interact knowing that they are talking to the same person they spoke to before.

Dorsey did not respond to TechCrunch's request for comment, which was sent to his email address.

A screenshot showing an example of a chat in which the attacker impersonated the character “Bob” in a conversation with “Alice”, making the messages in Bitchat appear to really come from Bob. Image credits: Alex Radocea

On Monday, Radocea filed a ticket on the GitHub project to ask how to report the security flaw that he had discovered in Bitchat's Favorites system. Soon after, Dorsey marked the ticket as “completed”, without comment. (Dorsey reopened the ticket on Wednesday, saying that security issues can be reported by posting on GitHub directly.)

Another person raised concerns about Dorsey's claims that Bitchat has “forward secrecy”, a cryptographic technique that guarantees that even if an attacker steals or compromises an encryption key, that attacker still cannot decrypt messages that were previously sent.

Someone else pointed out a potential buffer overflow, a common type of security vulnerability in which an attacker can force a device's memory to spill over into other locations, opening the door to a compromise of data.

Radocea warned that Bitchat users should not trust the application yet.

“Security is a great feature to have for going viral. But a basic sanity check, like whether the identity keys actually perform any cryptography, would be a very obvious thing to test when building something like this,” Radocea told TechCrunch. “There are people who would take the messaging about security literally and could depend on it for their safety, so the project in its current state could put them at risk.”

Referring to his findings and those of other people, Radocea criticized Dorsey's warning that Bitchat had not been tested for security.

“I would like to confirm that it has received an external security review, and it does not look good,” he said.


