Security concerns

Security researcher outs another exploit in Windows 8.1, 7

Fight for Privacy

David Cameron wants to ban encrypted messaging apps

Security concerns

Researcher publishes unpatched vulnerability in Windows 8.1

Teaming up

Major tech companies support Microsoft email privacy stance

Rally that Lobby

Tech giants lobby Senate to curb NSA spying

Privacy Redux

Congress discusses privacy in wake of nude leaks

Cellular security

T-Mobile quietly upgrades 2G network security

We teach you

How Microsoft Account two-step verification works

Here we go again

Dropbox accounts hacked, service not to blame for leak

Browse better

Here is how to block ads in IE 11 for Windows 8.1

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Microsoft News

Microsoft restores control of seized domains to No-IP

Windows Apps

1Password for Windows gets much needed 4.0 update

Microsoft News

Simplifying its terms, Microsoft wants you to understand what you agree to


Using strong passwords and keeping your online self secure

Microsoft News

Microsoft awarded top marks for protecting user data from prying governments

General News

First smartphone 'kill switch' bill in the US passed by… Minnesota

< >

Tango PC app lets users break into any Tango account [Updated] PC application

Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.



Reader comments

Tango PC app lets users break into any Tango account [Updated]


Hate it when companies and organizations don't take care of data. So much for privacy policies to agree to. :|

Meh. I can't even get Tango (either the HTC or the vanilla version) to let me set up an account on AT&T for my TItan. Keep getting an error that AT&T are blocking me.

Well they managed the thing extremely fast, so ok they need to put more enthusiasm on protect data, but can't be harsh at them, they fixed fast

Bullshit...I just installed tango on my pc...and tango on my PC also has all my other contacts...not just my tang contacts...So obviously tango is grabbing them from my phone and storing them somewhere...
Oh...and calls from my PC tango to phones does not work