SMSWithoutBorders: Keeping You Secure - Results of a Penetration Test

Here at SMSWithoutBorders, your security is our top priority. That's why we had a penetration test conducted by Open Technology Fund’s Radically Open Security (ROS), a team of experts dedicated to finding and eliminating vulnerabilities in software. This test focused on the SWOB Android app (now RelaySMS) and back-end(now vault) code, aiming to identify any potential weaknesses that could be exploited.

What is a Penetration Test?

Imagine a team of skilled ethical hackers trying to break into your house. A penetration test is similar, but instead of a house, it's your software! The ROS team had full access to the inner workings of SWOB (like a blueprint of the house) to see if they could find ways to bypass security measures.

What Did They Find?

The good news is that the test identified only one high-severity vulnerability. This issue stemmed from a lack of input validation in a specific area, potentially allowing attackers to inject malicious code when users sync saved tokens. In simpler terms, a cleverly crafted username could have tricked the system into running harmful scripts. However, rest assured, this vulnerability has been completely fixed! The test also uncovered several medium-to-low severity vulnerabilities, which have all been addressed by the SWOB development team. Following these fixes, ROS conducted additional tests to confirm that the vulnerabilities were truly eliminated.

What This Means for You

This penetration test demonstrates our commitment to proactive security measures. By actively seeking out and eliminating vulnerabilities, we can ensure that your communication with SWOB remains secure, even in offline situations.

Stay Informed, Stay Secure

We will continue to conduct regular penetration tests and security audits to maintain the highest level of protection for our users. Read Open Technology Fund’s full official report on the audits for more information.