

Monday, 22 April 2019

Hacker Breaks Into French Government's New Secure Messaging App



A white hat hacker has found a way into the French government's newly released secure, encrypted messaging app, which is meant to be accessible only to officials and politicians whose email accounts are associated with government identities.

The encrypted, open source messaging application, called "Tchap", was set up by the French government to keep the data of its officials, parliamentarians and ministries on servers inside the country, over concerns that foreign agencies could use other services to keep track of their communications.

The Tchap application is built on the Riot client, open source instant messaging software that implements the self-hostable Matrix protocol for end-to-end encrypted communication.

Yes, this is the same "Riot and Matrix" that was in the news earlier this week, after an unidentified hacker broke into the project's servers and stole private messages, password hashes, access tokens, and the GPG keys used to sign packages.

The cyber attack on Matrix was serious enough that its maintainers ultimately shut down the entire production infrastructure for several hours and logged all users out of Matrix.org.

The Tchap app is available on the Google Play Store and anyone can download it, but only users with a government-issued email account, for example @gouv.fr or @elysee.fr, can sign up and access it.

However, Robert Baptiste, a French security researcher known on Twitter as Elliot Alderson, found a security loophole that allows anyone to sign up for the Tchap app and access groups and channels without an official email address.

In a blog post published today, Robert showed that he was able to create an account on the service with a regular email ID by exploiting a potential email validation error in the Tchap Android app.

    "I've changed the email to fs0c131y@protonmail.com@presidence@elysee.fr! Bingo! I've received an email from a ticket and can validate my account!" says Robert.

    "I'm logged in as an Elysee employee, and I have access to public rooms."


Robert reported his findings to the Matrix team, which quickly released a patch update to resolve the issue. According to the team, the issue was specific to DINSIC's Matrix deployment.
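The article does not describe the faulty check itself, so the following added Python example (not code from Tchap, Riot, Matrix or the researcher) models one assumed way such a validation error arises: the domain policy reads the text after the last @, while a hypothetical lenient mail component delivers to the first one. `strict_parse` and `register` show a hardened form; all function names are illustrative.

```python
import re

# Added illustration; not Tchap, Riot or Matrix code. Function names are hypothetical.
ALLOWED_DOMAINS = {"gouv.fr", "elysee.fr"}  # the two domains named in the article
CRAFTED = "fs0c131y@protonmail.com@presidence@elysee.fr"  # address quoted in the article

_LOCAL = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}")
_DOMAIN = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")


def domain_allowed(domain: str) -> bool:
    """True for an allowed domain or a subdomain of one (dot-anchored match)."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS)


def naive_is_allowed(address: str) -> bool:
    """Weak check (assumed): trusts whatever follows the last '@'."""
    return domain_allowed(address.rsplit("@", 1)[-1])


def lenient_recipient(address: str) -> str:
    """Hypothetical lenient mail component: keeps only local@first-domain."""
    local, _, rest = address.partition("@")
    return f"{local}@{rest.split('@', 1)[0]}"


def strict_parse(address: str):
    """Return (local, domain), or None unless there is exactly one '@'
    and both parts use a conservative character set."""
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not _LOCAL.fullmatch(local) or not _DOMAIN.fullmatch(domain):
        return None
    return local, domain.lower()


def register(address: str):
    """Hardened flow: parse once, check policy on the parsed domain, and return
    the canonical address that the validation mail is sent to (or None)."""
    parsed = strict_parse(address)
    if parsed is None or not domain_allowed(parsed[1]):
        return None
    return f"{parsed[0]}@{parsed[1]}"


if __name__ == "__main__":
    print("naive check accepts:", naive_is_allowed(CRAFTED))
    print("mail would go to:   ", lenient_recipient(CRAFTED))
    print("hardened result:    ", register(CRAFTED))
```

The point of `register` is that the policy decision and the mail delivery use the same parsed value, so two components can never disagree about which domain an address belongs to.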
