Drupe Android Application Exposed Some Users’ Pictures and Audio Messages

Original Release Date: 5/11/2018

Summary

Drupe, an Android application designed to enable communication via phone calls, text messages, and integrations with social media chat applications such as Skype and WhatsApp, left some of its users’ pictures and audio messages publicly accessible via unsecured Amazon Web Services (AWS) S3 buckets. According to a post published by the Drupe Team on May 7, the flaw only affected those who used the Drupe Walkie Talkie feature to send messages or the Drupe special messaging infrastructure to send images. These features are reportedly utilized by approximately three percent of Drupe users.

Recommendations

The NJCCIC recommends administrators of AWS S3 buckets and other cloud databases review our previous NJCCIC Cyber Alert on the risks associated with misconfigured S3 buckets, audit their security settings, and implement the mitigation strategies provided as soon as possible.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
