So, even outside of this hack, I assume Israel itself had all the information.A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages.
Micah Lee
Well, he didn't technically reveal it. Someone took a picture of his phone while he was using it.The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.
I guess no one quesitoned that. Even Signal is end-to-end encrypted.Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.
[...]
The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.
So Telemessage claimed it maintined the encryption.The breach was first reported by 404 Media, which said the hacker was able to make off a trove of data relating to the U.S. Customs and Border Protection agency, the cryptocurrency firm Coinbase Global Inc., and various other financial institutions that appear to be using the TeleMessage clone. It also revealed snippets of a conversation among Democratic lawmakers discussing their opposition to a controversial new cryptocurrency bill:
[...]
TeleMessage markets itself to government agencies and businesses, claiming that it offers them a simple way to archive messages from encrypted platforms such as Signal and WhatsApp.
U.S. government officials are required to preserve their communications to comply with data retention laws. However, those laws create a challenge, because officials also have to adhere to stringent security protocols. They’re essentially required to communicate within a private “intranet” that’s closed off from the rest of the digital world to minimize the risk of security breaches.
TeleMessage says it works by making clones of the official apps. In a video posted on YouTube, it says it can keep Signal’s end-to-end encryption and other security measures fully intact. Normally, when using Signal, the encryption ensures that only the sender and intended recipient of a messaging can read its contents. TeleMessage appears to get around this by adding a third party to conversations, so it can send those messages to a storage archive.
Silicon Angle
Since it was first installed, I'm guessing.According to 404 Media, the hacker said he was able to breach TeleMessage’s system in about 15 to 20 minutes. He claimed that he targeted the company after learning about it from earlier media reports, saying he was “just curious” about how secure its cloned apps really are.
The hacker added that he chose not to disclose the issue to TeleMessage first, because he was worried the company might try to cover it up. “It wasn’t much effort at all,” the hacker said. “If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?”
You think?404 Media said TeleMessage Chief Executive Guy Levit declined to comment on the report, which is likely to be extremely damaging for his company. Public records reveal that TeleMessage has contracts with dozens of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.
The Telemessage website still has a home page, but no links work.
Also...
No comments:
Post a Comment