Hours after Baba Ramdev’s Patanjali announced the launch of WhatsApp competitor ‘Kimbho’, an instant messaging app, French security analyst has discovered serious security vulnerabilities in the app. Another techie also claimed on Twitter that Kimbho is the copy of another chat app ‘Bolo’.
The security analyst, who goes by the name Elliot Alderson on Twitter pointed out that Kimbho isn’t secure. “Hi KimbhoApp before trying to compete WhatsApp, you can try to secure your app. It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted.
Hi @KimbhoApp before trying to compete #WhatsApp, you can try to secure your app. It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice #kimbhoApp pic.twitter.com/YQqK8lfIeI
— Elliot Alderson (@fs0c131y) May 30, 2018
According to him, the app developed by a woman from Appdios has to be removed from Google Play immediately because of a critical vulnerability. Interestingly, as of Thursday, the app was no longer available on Google Play, after having received 5,000 downloads. Calling it a security disaster, Elliot claimed that he could access the messages of all the users.
In the past, Elliot has reported several vulnerabilities in applications and organizations such as UIDAI (for Aadhaar), OnePlus, Paytm, PhonePe, LockheedMartin and a few banks including Reserve Bank of India (RBI) as well.
Meanwhile, a Bengaluru-based techie also took to Twitter to point out that Kimbho is seemingly a copy-paste of another application called Bolo. He posted screenshots to show that the description and screenshots in the app stores are the same.
“It is build on an app called "BOLO". Kimbho team is so dumb that they didnt even changed the OTP SMS format!! Even the description n pics used are same as Bolo app,” he Tweeted.
It is build on an app called "BOLO". Kimbho team is so dumb that they didnt even changed the OTP SMS format!! Even the description n pics used are same as Bolo app! https://t.co/QKGjYC1y2J pic.twitter.com/40yRxZKbLX
— Abhishek Singh (@ThakurrSaab) May 31, 2018
Interestingly, screenshots posted on Kimbho’s Twitter page also show BoloApp written on top of the messages users receive from Kimbho upon registering.
Share video and voice messages. Send multiple photos, stickers, GIFs. Write anything with your finger and share. Shake anytime to share your location. Send important links and contacts. #kimbhoApp pic.twitter.com/7ERunfARTH
— Kimbho Chat App (@KimbhoApp) May 30, 2018
Patanjali announced the launch of Kimbho App on Wednesday, calling it a WhatsApp competitor.
“Now Bharat will speak. After launching sim cards, baba Ramdev has launched a new messaging application called Kimbho. Now Whats App will be given a competition. Our own Swadeshi Messaging platform. Download it directly from Google Play store," Patanjali spokesperson SK Tijariwala tweeted on Wednesday.
The Kimbho app has been now taken down from the Google PlayStore. Post that, there was a Tweet on Kimbho’s Twitter page on Thursday stating, “We are facing extremely high traffic on Kimbho. We are in process of upgrading our servers and will be back shortly. Sorry for the inconvenience. Please stay tuned.”
However, the app is still available on the Apple store.