ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an malicious user to impersonate an authoritative server.