FlagThis

A new report by Citizen Lab and the EFF Threat Lab has uncovered critical security vulnerabilities within the popular Chinese social media application, RedNote. The analysis, conducted on version 8.59.5 of the app, revealed that RedNote transmits user content, including viewed images and videos, over unencrypted HTTP connections. This exposes sensitive user data to potential network eavesdroppers, who can readily access the content being browsed.

Additionally, the report highlights that the Android version of RedNote contains a vulnerability that could allow attackers to access the contents of files on a user's device. The app also transmits device metadata without adequate encryption, sometimes even when using TLS, potentially enabling attackers to learn about a user's device screen size and mobile network carrier. Despite responsible disclosures to RedNote and its vendors NEXTDATA and MobTech in late 2024 and early 2025, no response has been received regarding these critical security flaws.

ImgSrc: www.eff.org

References :

• citizenlab.ca: The report highlights three serious security issues in the RedNote app.
• Deeplinks: The EFF Threat Lab confirmed the Citizen Lab findings about Red Note.
• www.forbes.com: Is RedNote Safe? Here's What Millions of TikTok Users Need to Know
• Deeplinks: Crimson Memo: Analyzing the Privacy Impact of Xiaohongshu AKA Red Note

Classification:

• HashTags: #RedNote #CyberSecurity #PrivacyConcerns
• Company: string
• Target: Users
• Attacker: string
• Product: Social Network
• Feature: Privacy
• Malware: string
• Type: DataBreach
• Severity: Medium