Man
Professional
- Messages
- 3,087
- Reaction score
- 627
- Points
- 113
A vulnerability in the Zangi messenger discovered by UserGate experts allows you to decrypt messages in group chats, as well as group and private calls.
Zangi messenger positions itself as a secure alternative to Telegram. The number of app downloads exceeded 10 million on Google Play alone.
Zangi is also available in other app stores, including the Apple App Store, as well as in the brand stores of a number of AOSP and Android device manufacturers.
In addition to notifying the developer, UserGate experts entered the vulnerability data into the database of the FSTEC of Russia. UserGate experts also do not recommend using Zangi until the vulnerability is fixed and the appropriate patch is released.
The Zangi application profile has been added to the UserGate NGFW update. To protect it, you need to activate its lock.
"Any messenger is a potential channel for the leakage of sensitive information from the corporate network, so we include this type of software in the detection list of our security solutions so that the system administrator or information security representative has the opportunity to quickly block it by activating the necessary UserGate NGFW settings," comments Dmitry Kuzevanov, CISO, Head of the UserGate Monitoring and Response Center.
"In the process of investigating the Zangi app, our experts discovered a critical vulnerability that allows you to decrypt messages in group chats, group and private calls, and thus make its use unsafe. We repeatedly contacted the developer and sent him the results of our research, but did not receive a response".
Zangi messenger positions itself as a secure alternative to Telegram. The number of app downloads exceeded 10 million on Google Play alone.
Zangi is also available in other app stores, including the Apple App Store, as well as in the brand stores of a number of AOSP and Android device manufacturers.
In addition to notifying the developer, UserGate experts entered the vulnerability data into the database of the FSTEC of Russia. UserGate experts also do not recommend using Zangi until the vulnerability is fixed and the appropriate patch is released.
The Zangi application profile has been added to the UserGate NGFW update. To protect it, you need to activate its lock.
"Any messenger is a potential channel for the leakage of sensitive information from the corporate network, so we include this type of software in the detection list of our security solutions so that the system administrator or information security representative has the opportunity to quickly block it by activating the necessary UserGate NGFW settings," comments Dmitry Kuzevanov, CISO, Head of the UserGate Monitoring and Response Center.
"In the process of investigating the Zangi app, our experts discovered a critical vulnerability that allows you to decrypt messages in group chats, group and private calls, and thus make its use unsafe. We repeatedly contacted the developer and sent him the results of our research, but did not receive a response".
