Tapatalk Vulnerabilities?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
linux4me
Registered User
Posts: 59
Joined: Fri Oct 03, 2008 6:39 pm

Tapatalk Vulnerabilities?

Post by linux4me » Sat Jan 08, 2011 10:46 pm

In this post, user Callum95, the developer of phpBB Mobile told me
Callum95 wrote:You should have done your research better - Tapatalk has more than a few major vulnerabilities that the Tapatalk developers have refused to admit are problems for over a year. They should have been fixed long ago, and until then your board is insecure and at danger of being hacked (or at least, having your users comprimised). I'm not just trying to get you to use my modification, the Tapatalkk vulnerabilities are a real issue.
I've been Goggling around trying to find out if there really are still vulnerabilities in Tapatalk, and although there definitely were some serious ones, they seem to be old and to have been addressed as listed in this post at the Tapatalk forum. It looks like v. 1.9.1 got the SQL injection vulnerability, and they're up to v. 1.9.3, having fixed some usability issues since then.

Is anyone aware of any documented vulnerabilities in Tapatalk's latest version? I'm running it on a board I really don't want to see get compromised, but the owner of the board asked me to install it, so unless I can come up with some proof, it's going to stay there. Please include a link to any documentation of current vulnerabilities if you know of any.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Tapatalk Vulnerabilities?

Post by callumacrae » Sat Jan 08, 2011 11:00 pm

I've never actually seen a board hacked from the vulnerabilities, but i saw a long article on the various vulnerabilities and how they hadn't been fixed. I can't find it anymore :(

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
linux4me
Registered User
Posts: 59
Joined: Fri Oct 03, 2008 6:39 pm

Re: Tapatalk Vulnerabilities?

Post by linux4me » Sat Jan 08, 2011 11:10 pm

Callum95 wrote:I've never actually seen a board hacked from the vulnerabilities, but i saw a long article on the various vulnerabilities and how they hadn't been fixed. I can't find it anymore :(

~Callum
When I Googled "tapatalk vulnerabilities" I found 150,000 results, but when I restricted it to just the last month, I only got 653, and of the relevant ones of those, I couldn't find any that reported vulnerabilities that weren't listed as fixed on Tapatalk's site. So I'm wondering. I posted on their forum, too, to see if they will respond. They actually have responded in a number of forums when the vulnerabilities were an issue.

I did research it before I installed it, but didn't find anything recent, so when you said you were aware of some things, I got worried.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Tapatalk Vulnerabilities?

Post by callumacrae » Sat Jan 08, 2011 11:13 pm

I haven't actually checked for a while, but I knew that they had a record of not fixing vulnerabilities. When I'm not on a phone tomorrow I'll see if I can find the article I read :)

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
yellowpeter
Registered User
Posts: 77
Joined: Wed Dec 17, 2008 4:08 am

Re: Tapatalk Vulnerabilities?

Post by yellowpeter » Sun Jan 09, 2011 1:25 pm

Hello,

We are the Tapatalk team and would like to know if there is any existing security vulnerabilities that we are not aware of? We usually can fix it within 24 hours if any details can be given.

Just want to chime in here so to provide a more official voice from the development team :P
Tapatalk - iPhone native client for phpBB3 (in development)

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Tapatalk Vulnerabilities?

Post by callumacrae » Sun Jan 09, 2011 2:17 pm

I can't actually find anything recently, but I'm assuming there is a reason that androidforums disabled the plugin due to a "security risk" and haven't yet reenabled it? This was less than 6 months ago.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
yellowpeter
Registered User
Posts: 77
Joined: Wed Dec 17, 2008 4:08 am

Re: Tapatalk Vulnerabilities?

Post by yellowpeter » Mon Jan 10, 2011 4:14 am

Callum95 wrote:I can't actually find anything recently, but I'm assuming there is a reason that androidforums disabled the plugin due to a "security risk" and haven't yet reenabled it? This was less than 6 months ago.

~Callum
Hello Callum,

The AndroidForums issue was addressed within 24 hours - specifically surrounding the password encryption on the Android devices - which Foursquare Android app was also affected and we have fixed it immediately.

I totally understand security is the top-most concern of fellow forum owners and we take it very seriously. Our engineers are working around the clock to resolve issues and to strengthen our existing codebase. The fact that the code is open source will keep us improving by occasional ass-kicking from seasoned phpbb programmers that able to spot issues faster than us.

Please do let us know if you see any issues, particularly surrounding phpBB, we will be able to help.

There are over 11000 forums installed this MOD - people comes and people goes - I regard some forums decided not using this MOD but likewise I wouldn't expect all of them will stay on forever. ;) In particular some forum decided to roll out their own app it may be a very good reason to migrate mobile app users over to the new app.
Tapatalk - iPhone native client for phpBB3 (in development)

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Tapatalk Vulnerabilities?

Post by RMcGirr83 » Mon Jan 10, 2011 11:00 am

yellowpeter wrote:Hello,

We are the Tapatalk team and would like to know if there is any existing security vulnerabilities that we are not aware of? We usually can fix it within 24 hours if any details can be given.

Just want to chime in here so to provide a more official voice from the development team :P
Submit the application to the MOD database is one way to find out.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

User avatar
yellowpeter
Registered User
Posts: 77
Joined: Wed Dec 17, 2008 4:08 am

Re: Tapatalk Vulnerabilities?

Post by yellowpeter » Wed Jan 12, 2011 6:35 am

RMcGirr83 wrote:
yellowpeter wrote:Hello,

We are the Tapatalk team and would like to know if there is any existing security vulnerabilities that we are not aware of? We usually can fix it within 24 hours if any details can be given.

Just want to chime in here so to provide a more official voice from the development team :P
Submit the application to the MOD database is one way to find out.
Hello RMcGirr83,

I am glad you bring it up. We have actually submitted it on May last year (7 months ago) with no update from the Customization Team. I have PM DavidIQ 6 months ago and was told "it can take up to one month". And half year gone by we haven't heard anything - So we thought the MOD Database is no longer in maintenance?

We would be very much interested in getting the MOD review and approval. If you can connect us to the respective person in your team it would be very much appreciated.
Tapatalk - iPhone native client for phpBB3 (in development)

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25456
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Tapatalk Vulnerabilities?

Post by Paul » Wed Jan 12, 2011 10:16 am

Iam going to contact you in private about this.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
yellowpeter
Registered User
Posts: 77
Joined: Wed Dec 17, 2008 4:08 am

Re: Tapatalk Vulnerabilities?

Post by yellowpeter » Mon Jan 17, 2011 6:05 am

Thanks Paul - will follow-up accordingly.
Tapatalk - iPhone native client for phpBB3 (in development)

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25456
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Tapatalk Vulnerabilities?

Post by Paul » Mon Jan 17, 2011 9:33 am

No problem :)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

azhrei_fje
Registered User
Posts: 15
Joined: Fri Feb 13, 2009 6:28 pm

Re: Tapatalk Vulnerabilities?

Post by azhrei_fje » Wed Mar 23, 2011 6:44 am

So what's the status of this? I still don't see Tapatalk listed in the MOD database and there's been no word here for two months...

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25456
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Tapatalk Vulnerabilities?

Post by Paul » Wed Mar 23, 2011 8:28 am

azhrei_fje wrote:So what's the status of this? I still don't see Tapatalk listed in the MOD database and there's been no word here for two months...
If the MOD author dont submit the MOD we cant add it to the MODDB.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
lurttinen
Translator
Posts: 4670
Joined: Tue Sep 21, 2004 12:05 pm
Location: Tampere, Finland
Name: Martti Lokka
Contact:

Re: Tapatalk Vulnerabilities?

Post by lurttinen » Thu Mar 24, 2011 10:35 pm

Looks like tapatalk does not respect forum password.
I can view a password protected forum without entering a password. :P
Signature is here

Post Reply

Return to “phpBB Discussion”