QuickBlox, a software development framework used in telemedicine and finance, was found to have several critical security flaws, according to a joint study from computer and network security research firms Check Point Research and Claroty Team82 published July 12.
QuickBlox's video and chat features are commonly used in mainstream telemedicine applications and platforms. The researchers analyzed a mobile telemedicine application from an undisclosed organization that uses QuickBlox's framework to provide chat and video services for patients to connect with physicians. The research revealed existing vulnerabilities that worsened when combined with QuickBlox's framework.
Here are some of the flaws researchers discovered:
- The app leaked all aspects of the user database, such as medical records, medical history and stored chat history.
- The vulnerabilities allow any hacker to obtain usernames and passwords and impersonate a patient or physician.
- The ability to impersonate a physician grants the power to alter patient information and speak with patients live or in the name of their physician.
The research teams disclosed their findings to QuickBlox, which corrected these flaws and prompted users to update their framework to the latest version, according to the report.