How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

pulse_of_truth·Pulse of TruthbyResident Pulser

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/Open link View original on infosec.pub

Comments4

krogoth

infosec.pub

«When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.»

Comedy gold, the whole article…

Raltoid reply

lemmy.world

Client side md5 password hashing, JSP, having public facing links to dump the heap due to default configuration..

Either this was made by someone who took a programming course twenty years ago and haven't touched it since. Or it was intentionally made to be insecure.

LadyMeow

lemmy.blahaj.zone

What the….? Why use a knockoff? Signal is free…

Chronographs reply

lemmy.zip

Because they want to archive their messages assumedly, and because they’re clownishly incompetent of course