GUWAHATI, Aug 26 - Indrajeet Bhuyan, the 18-year-old security researcher from Guwahati who has taken the cyber world by storm with his findings, has found a flaw in the popular chatting service "Omegle".
Earlier, Indrajeet had written the smallest possible code, of 2 KB, that could crash WhatsApp, a flaw that affected 500 million people, and had also reported security holes in the WhatsApp web client that in some way expose its users' privacy.
Last year, he had found a flaw in the Indian banking system, affecting thousands of Indian banks, through which an attacker can see the bank balance and transaction history of anyone. His work on the banking flaw got him selected for the Ground Zero Summit, Asia's foremost information security conference.
This young bug hunter has now shown how Omegle is saving screenshots of every "so-called" anonymous chat session at a specific location on its web server, from where they could be downloaded by anyone with little knowledge of website structure.
"Omegle is a very popular site where users can chat with others anonymously. The service randomly pairs you in a one-on-one chat window where you can chat anonymously over text or webcam. I was exploring the site to see if there is any way to get information about users. I found that the site is not as anonymous as it claims. Each chat log is saved on their server after a user disconnects from the conversation," said Indrajeet.
People using Omegle often think their chats are private and the messages get deleted once they log off from the conversation. Due to this false sense of security, people often share sensitive information on it.
"Omegle saves every chat on their server when a user disconnects from the chat and they assign a special token to each chat log. I have made a simple Python script which generates tokens of its own; whenever a token matches with that of Omegle's token, the server thinks it to be genuine and gives the chat log, which the script downloads to a folder," Indrajeet revealed, adding that after analyzing the chat logs, he found that most of the people shared personal information like their phone number, email ID, address and social media links in these chats as they think it's private. "If this information gets into the hands of hackers or fraudsters then they might misuse it," warned Indrajeet.
"We should be careful with what identifiable information we are sharing over such online services while chatting with strangers. The more personal information we share, the more chances there are for others to misuse our information," added Indrajeet.