They tried to log in secret.telemessage.com Using a couple of these credentials and discovered that they had hacked a user with an email address associated with US Customs and Border Protection, one of Trump’s Draconian immigration policy enforcement agencies. Is since CBP Verification That it was a teleport customer.
After spending a few more minutes to dig a pile of dumps, the hacker also found a simple text chat logs. The hacker said, “I can read the inner chats of the coin base, it’s incredible.” (Coin Base did not respond to the Wired Request for the comments, but what Tell 404 Media that “there is no evidence that any sensitive Coinbase users information was accessed or that any customer account is at risk, as the coin base does not use this tool to share passwords, seed phrases, or other data needed to access accounts.”
At this point, the hacker says he spent 15 to 20 minutes on teleport servers, and he has already compromised with a customer of his federal government as well as one of the world’s largest cryptocurrency exchange.
As I discovered Analyze TMSGNL’s Source Code, Tele Message Apps – Mike Walts is running on the phone. Archive.Telmicage Dot Com (I call it the archive server), which then sends messages to the customer’s final destination. This contradicts the telecommunication’s public marketing content, where he claims that TMSNGL “uses encryption from mobile phones to the end of the corporate archive.”
The archive server has been programmed in Java and is made using an open source framework, Spring Boat to create Java applications. The Spring Boat contains a set of features called Active, which helps developers monitor and debugged their requests. Is one of these features Hep Dump & PointWhich is the URL that is used to download a hacker hep dump.
According to the Spring Boat Activator Documents: “Since the closing points may contain sensitive information, so should they be careful about exposing them.” In the case of Tele Message Archive Server, the Hep Dump contained usernames, passwords, unclavic chat logs, encryption keys and other sensitive information.
If anyone on the Internet had loaded a pile of dump URL because Mike Walts was texting using the TMSGNL app, the hep dump file would also contain its unclassified signal messages.
A 2024 Post Cloud Security Company Wes Blog has a list of “exposed headamp file”, which has a common misconception in the Spring Boat Activator. “Up to Version 1.5 (issued in 2017), /Hep Dump and Point was created as publicly exposed and accessible by default. Since then, in the later version, the Spring Boat Activator has justified its defaults to expose the ends of health and /information without verification. “Despite this improvement, developers often disable these protective measures for diagnostic purposes when applications deploy for environmental testing, and may not be able to change the small setting and thus when an application is pushed into production, allowing them to be unwilling to invader the data.
In 2020 Post On Walmart’s World Tech Blog, another developer gave a similar warning. The author wrote, “Apart from /health and /information, all the actress locations are at risk to open for end users as they can expose application dumps, logs, configuration data and control.” “Activator’s closing points have safety implications and should never be exposed in a productive environment.”
The hacker’s teleport’s immediate exploitation shows that the archive server was badly wrong. It was either running an eight -year -old version of the Spring Boat, or someone manually created it to expose the pile of dumps on the public Internet.
This is why with sensitive data spread, it promoted for 20 minutes before opening.
Despite this critical threat and other security issues with teleport products, in particular, the Israeli firm that produces the product can access all its customers’ chat logs in simple text.