Summary

Article Metadata

Mike Waltz's Signal Hacked

This is a news story, published by Wired, that relates primarily to Smarsh news.

Smarsh news

For more Smarsh news, you can click here:

more Smarsh news

software applications news

For more software applications news, you can click here:

more software applications news

Wired news

For more news from Wired, you can click here:

more news from Wired

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about

TeleMessage Signal

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest TeleMessage news, Signal messages news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

unencrypted Signal messages

Wired

•

Technology

Here’s how a hacker hacked TeleMessage’s secure.telemessage.com

Summary

Nutrition label

58% Informative

An anonymous hacker says they hacked TeleMessage , a clone of encrypted messaging app, recently acquired by Smarsh .

The exploit that the hacker used was incredibly simple.

TeleMessage has temporarily suspended all services, which is now why WIRED can share exactly how this hack took place without risking anyone’s private data.

TeleMessage ’s archive server was running an eight-year-old version of Spring Boot , or someone had manually configured it to expose the heap dump endpoint to the public internet.

In the case of TeleMessage 's archive server, the heap dumps contained usernames, passwords, unencrypted chat logs, encryption keys, and other sensitive information.

Despite this critical vulnerability and other security issues with TeleMessage , someone in the Trump administration deployed it to Mike Waltz's phone.

VR Score

Informative language

Neutral language

Article tone

semi-formal

Language

English

Language complexity

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

detected

Known propaganda techniques

detected

Time-value

short-lived

External references

https://medium.com/walmartglobaltech/perils-of-spring-boot-actuators-misconfiguration-185c43a0f785 https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/https://www.dropsitenews.com/p/telemessage-mike-waltz-pam-bondi-israel-tech https://github.com/epi052/feroxbuster https://micahflee.com/despite-misleading-marketing-israeli-company-telemessage-used-by-trump-officials-can-access-plaintext-chat-logs/https://docs.spring.io/spring-boot/api/rest/actuator/heapdump.html https://docs.spring.io/spring-boot/docs/2.5.6/reference/html/actuator.html https://www.wiz.io/blog/spring-boot-actuator-misconfigurations

Source diversity

medium.com www.404media.co www.dropsitenews.com github.com micahflee.com docs.spring.io www.wiz.io

Affiliate links

no affiliate links

Read full article