FireChat: is it safe?! No, all the data send is PUBLIC – learn more now

First things first, well done FireChat developers. You have helped thousands of people worldwide by providing them access to the FireChat application. The FireChat application is being used in war and demonstration environments. For example, the Iraqi people used the FireChat application to exchange information with each other. The same is currently happening in China.

The protestors in China are using the FireChat application as the government of China has blocked any resource which provides information and supports the demonstrators which are currently in Hong Kong.

The Chinese government is scared that the citizens of China will support the demonstrators in Hong Kong. But lets get back to the FireChat application.

The FireChat application works with MESH networking, which actually means that if you are in the environment of the “chat room” (or a user which is using the FireChat chatroom), you will be allowed to join the FireChat chat room. Gizmodo reported that for security reasons, FireChat implemented an username (nickname) generator which creates a static nickname.

firechat iraq

 

This allows the FireChat users to recognize eachother and it will disallow users to have the same nickname.

The FireChat application uses the following methods to connect to a FireChat MESH environment:

  • WiFi
  • BlueTooth

Now lets take a look at a couple of attacks which can be performed on a Bluetooth connection:

Bluejacking involves Bluetooth users sending a business card (just a text message, really) to other Bluetooth users within a 10-meter (32-foot) radius. If the user doesn’t realize what the message is, he might allow the contact to be added to his address book, and the contact can send him messages that might be automatically opened because they’re coming from a known contact.

Bluebugging is more of a problem, because it allows hackers to remotely access a user’s phone and use its features, including placing calls and sending text messages, and the user doesn’t realize it’s happening.

 

VentureBeat reports that:

The company is also working on implementing encrypted chats, which would fix FireChat’s biggest flaw at the moment. While it’s a useful tool if the government decides to kill Internet access, all of your FireChat conversations are entirely open to the public. There’s nothing stopping the authorities from eavesdropping on everything you’re posting. There’s also no way to communicate with specific users directly, though Daligault tells me private messaging is also in the works.

So as I am writing this article, the FireChat application is NOT SAFE to use, but it will ALLOW you to SHARE INFORMATION. REAL or FAKE information 😉 – Do note, that the developers of FireChat are working on this issue.