The other day, a rather curious event happened on the market quite quietly. Nothing has introduced the Nothing Chats application, which could be called just another instant messenger, but the point is that this application actually allows Android owners to exchange messages with iPhone owners via iMessage. And a few days later, this application was removed from the Google Store.

Nothing initially stated that this was done due to the discovery of several bugs that simply needed to be fixed. However, it seems that the real reason is something else, and it is worse.

Let us remind you that the interaction between the Android messenger and iMessage occurs on a third party. She is represented by the Sunbird company, which provides its platform through which the magic happens. However, it turned out that in terms of data security, this platform is apparently much worse than Sunbird itself stated. In particular, there is no end-to-end encryption.

The Sunbird platform, and therefore the Nothing Chats app, requires a new user of the app to submit their Apple ID credentials to set up syncing. This data is then authenticated on your behalf using a virtual machine running MacOS. The main problem is that the request containing user credentials occurs over an unencrypted channel (HTTP).

The situation as a whole is more complex and is fully described on the Text.Blog website, where several specialists explain how they discovered the problem and what it is. Among other things, they show that they can obtain users’ personal data.

Thus, in fact, Nothing may not be to blame for the situation, but whether the application will now return to the Google Store is an open question.

As part of the Pwn2Own event to find vulnerabilities in commercial products, white hat hackers managed to hack the Samsung Galaxy S23 twice in one day. But this smartphone is considered one of the most secure in terms of software.

According to the Zero Day Initiative, the Star Labs SG team hacked the Galaxy S23 using an allowed list of commands. For discovering and demonstrating the vulnerability, white hat hackers earned $25 thousand and 5 Master of Pwn points.

Pentest Limited received $50 thousand and 5 Master of Pwn points for demonstrating another vulnerability – incorrect input validation (this vulnerability can be used as an exploit).

Samsung has already received all the details about the discovered vulnerabilities – the company will close these holes in future security updates.

By the way, hackers tested not only the Galaxy S23 software for durability: Team Viettel and NCC Group hacked Xiaomi 13 Pro, for which they received 40 and 20 thousand dollars, respectively.

This week, firmware was released for the Samsung Galaxy S21 FE smartphone in Europe and the USA, which should make the device more stable and safer. The new software includes the October Android security update, which patches 12 holes in the system, as well as a number of general improvements that should improve stability.

In the USA, the new firmware is available under the numbers G990USQS9EWI2 (for carrier smartphones) and G990U1UES9EWJ1 (for smartphones without carrier lock). In Europe, the firmware numbers are G990BXXS6EWJ1 and G990B2XXS5EWJ1.