Security Flaws Exposed in QuickBlox Chat And Video Framework
ID: e81e3964-68e2-5a8b-9443-948cc0f93221
STIX ID: report--e81e3964-68e2-5a8b-9443-948cc0f93221
Feed Name: Claroty Team82
Date Published: 2023-10-30
Date Updated: 2026-04-17
Author: Amir Preminger; Sharon Brizinov; Itay Cohen; Oleg Ilushin
Team82 and Check Point Research analyzed the QuickBlox SDK/API and discovered critical design flaws that expose application secrets and allow attackers to enumerate and exfiltrate user databases, create accounts, and take over sessions. They demonstrated these issues in proofs-of-concept against a smart intercom (Rozcom) and a telemedicine app, enabling remote door opening, camera/microphone access, and mass leakage of patient PII. QuickBlox collaborated to remediate the vulnerabilities and released a redesigned, more secure API.
