Support Me ��


SUBSCRIBE NOW

Hacker Breaks Into French Government's New Secure Messaging App





A white-hat hacker found a way to get into the French government's newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities.


Dubbed "Tchap," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials, parliamentarians and ministers data on servers inside the country over concerns that foreign agencies could use other services to spy on their communications.

The Tchap app is built using the Riot client, an open source instant messaging software that implements self-hostable Matrix protocol for end-to-end encrypted communication.

Yes, it's the same "Riot and Matrix" that was in the news earlier this week after an unknown hacker breaks into its servers and successfully stole unencrypted private messages, password hashes, access tokens, and GPG keys the project maintainers used for signing packages.

The cyber attack on Matrix was so serious that it eventually forced its maintainers to shut down the entire production infrastructure of the service for several hours and log all users out of Matrix.org.

Though the Tchap app is available on Google Play Store and can be downloaded by anyone, users who have a government-issued email account, for example, @gouv.fr or @elysee.fr, are the only one who can sign-up and access it.

However, Robert Baptiste, a French security researcher who is better known by his Twitter username Elliot Alderson, found a security loophole that could allow anyone to sign up an account with the Tchap app and access groups and channels without requiring an official email address.


In a blog post published today, Robert demonstrated how he was able to create an account with the service using a regular email ID by exploiting a potential email validation bug in the Tchap's Android app.
"I modified email to fs0c131y@protonmail.com@presidence@elysee.fr. Bingo! I received an email from Tchap, I was able to validate my account!" Robert says.
"I am logged as an Elysée employee, and I had access to the public rooms."
Robert notified his findings to the Matrix team, who quickly released a patch update to fix the issue, which according to the team, was specific only to the DINSIC matrix deployment.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.

Dinesh Kumar S is a 23-year-old System Administrator who enjoys playing games, listening to music and learning new technology. He is friendly and generous, but can also be very lazy and crazy.

Share this

Backlinks

Website Design Company in Coimbatore
Website Design Company in Tamil nadu
Website Design Company in Karur
Website Design Company in Erode
Website Design Company in ooty
Website Design Company in theni
Website Design Company in thoothukudi
Website Design Company in Chennai
Website Design Company in Sathy
Website Design Company in Coimbatore Tamilnadu
Cheap Website Design Company in Coimbatore
Adsense Website Design Company in Coimbatore
ecommerce Website Design Company in Coimbatore
school Website Design Company in Coimbatore
Academy Website Design Company in Coimbatore
Test Website Design Company in Coimbatore
Best Website Design Company in Coimbatore
Adsense Website Design Company in Coimbatore
Adsense Website Design Company in Tamil nadu
Adsense Website Design Company in Karur
Adsense Website Design Company in Erode
Adsense Website Design Company in ooty
Adsense Website Design Company in theni
Adsense Website Design Company in thoothukudi
Adsense Website Design Company in Chennai
Adsense Website Design Company in Sathy
Free SEO Tools online
Free SEO Tools online Website
Free SEO Tools online Plagiarism
Free SEO Tools online article rewriter tool
Free SEO Tools online article reading and writing criticism
Free SEO Tools online seo backlink
Free SEO Tools online Free backlink maker
Free SEO Tools online seo backlink strategy
Free SEO Tools online content writting
360 help SEO Tools online Plagiarism checker
360 help SEO Tools online seo backlink
360 help SEO Tools online Free backlink maker
360 help SEO Tools online content writting
360 help SEO Tools online article rewriter tool
360 help SEO Tools
360 help SEO Tools India
360 help SEO Tools Tamil
360 help SEO Tools website