Images Deleted on ‘Keybase’ Chat Are Still Retrievable

  • Keybase was vulnerable to a local attack that could expose supposedly deleted images.
  • The app was deleting the files from the chat but kept them locally stored in unencrypted form.
  • The bug was fixed last month, so users are recommended to update immediately.

Keybase is one of our recommended encrypted communication solutions, rich in features and strong when it comes to user privacy and security. However, a recent finding proves that no software is absolutely perfect, safe, and free of bugs that could potentially compromise its users’ privacy.

As discovered by John Jackson and his team of researchers (Sakura Samurai), Keybase was plagued by a flaw that carries the identifier “CVE-2021-23827,” which concerns storing cleartext pictures in the app’s cache. This applies to all Keybase desktop versions on all three OS platforms (Win, Mac, Linux).

Normally, when a user deletes a picture or has set the “explode” functionality (time-based deletion), the images should be wiped from Keybase. While the app’s interface shows them as deleted, there’s no action taking place on the local cache and also the uploadtemps directories.

Hence, the images remain available there and in “cleartext” form. Also, the uploadtemps folder should be kept alive on the local storage only for as long as the image uploading action lasts, but it’s not getting immediately wiped due to a bug.

Source: johnjhacking.com

Thus, if an attacker manages to establish local access onto the user’s machine, they could potentially access files that have supposedly been securely erased on Keybase. This is very bad, especially for users who have picked Keybase specifically to stay safe from authoritarian regimes. These users may have their devices seized by the police for analysis so that the “physical access” part wouldn’t be far-fetched for a significant portion of Keybase’s userbase.

The discovery of the flaws came thanks to Zoom's bug bounty hunting program when it acquired the project back in May 2020. Thus, CVE-2020-23827 has already been reported to the firm and subsequently fixed with the release of Keybase 5.6.0 for Windows and Keybase 5.6.1 for macOS and Linux. If you are using an earlier version, make sure to update your Keybase client immediately. The patched releases came out on January 23, 2021, so it’s been a full month already.

The bug bounty received by the Sakura Samurai team for this finding was $1,000, while the hacking group commented that Zoom was very responsive to their reports. This is a positive indication of how Zoom is treating Keybase following its acquisition and a step to attenuate the worries that the community had concerning the real intentions of the video conference company.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari