French government releases in-house IM app to replace WhatsApp and Telegram use


The AchieVer

French government open-sources in-house-made end-to-end encryption IM app named Tchap.

 
 

The French government has developed its own end-to-end encrypted instant messenger (IM) app to replace government employee use of Telegram, WhatsApp, and other third-party IM clients.

 

The app, named Tchap, was launched yesterday, April 18, and is available on the official iOS and Android app stores. A web dashboard is also in the works.

 

Only official French government employees can sign up for an account; however, the French government also open-sourced Tchap's source code on GitHub so other organizations can roll out their own versions of Tchap for internal use as well.

TCHAP IS BASED ON RIOT

Work on the app started in July 2018, and the app itself is based on Riot, a well-known open-source, self-hostable, and secure instant messaging client-server package.

 

The app was officially developed by DINSIC (Interministerial Directorate of Digital and Information System and Communication of the State), under the supervision of ANSSI, France's National Cybersecurity Agency.

 

The French government plans to enforce Tchap use for any informal communications between government employees, agencies, and some (carefully selected) non-government entities and civilians.

 

The general idea is to keep government communications flowing through internal servers, and away from third-party services, like Telegram, Signal, WhatsApp, Wickr, or other encrypted IM clients, which may be vulnerable to attacks or under the surveillance of foreign intelligence agencies.

SECURITY FLAW FOUND HOURS AFTER RELEASE

But despite the French government's plans, the app's launch didn't go as planned. On the same day it was released, French security researcher Baptiste Robert found a security flaw in Tchap that would have allowed anyone to register an account and spy on the French government's internal communications.

 

The researcher found that by adding a government email domain on top of his regular email, like so [email protected]@french-government-domain.com, he could register on the app, even when not being authorized to do so.


Matrix, the company behind the Riot client, fixed the issue on the same day, and the patch is expected to reach Tchap users in the coming days.

 

Tchap was named after French scientist Claude Chappe, the inventor of the Chappe optical telegraphy system that was once deployed across France between 1792 and the 1850s, until it was replaced by a more sturdy electrical telegraph system.

 

Just like its US counterpart, the NSA, the French cyber-security agency has a habit of open-sourcing some of its cyber-security projects. Last October, ANSSI open-sourced CLIP OS, a secure Linux-based operating system that its engineers also developed for internal governmental use. ANSSI also released ADTimeline, a tool for Active Directory forensics investigations.

 

 

 

Source

The AchieVer

Hacker Breaks Into French Government's New Secure Messaging App

 
 

A white-hat hacker found a way to get into the French government's newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities.

Dubbed "Tchap," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials', parliamentarians' and ministers' data on servers inside the country over concerns that foreign agencies could use other services to spy on their communications.

The Tchap app is built using the Riot client, an open source instant messaging software that implements the self-hostable Matrix protocol for end-to-end encrypted communication.

Yes, it's the same "Riot and Matrix" that was in the news earlier this week after an unknown hacker broke into its servers and successfully stole unencrypted private messages, password hashes, access tokens, and GPG keys the project maintainers used for signing packages.

The cyber attack on Matrix was so serious that it eventually forced its maintainers to shut down the entire production infrastructure of the service for several hours and log all users out of Matrix.org.

Though the Tchap app is available on Google Play Store and can be downloaded by anyone, users who have a government-issued email account, for example, @gouv.fr or @elysee.fr, are the only ones who can sign up and access it.

However, Robert Baptiste, a French security researcher who is better known by his Twitter username Elliot Alderson, found a security loophole that could allow anyone to sign up an account with the Tchap app and access groups and channels without requiring an official email address.


In a blog post published today, Robert demonstrated how he was able to create an account with the service using a regular email ID by exploiting a potential email validation bug in Tchap's Android app.
 
"I modified email to [email protected]@[email protected]. Bingo! I received an email from Tchap, I was able to validate my account!" Robert says.

"I am logged as an Elysée employee, and I had access to the public rooms."


Robert reported his findings to the Matrix team, who quickly released a patch update to fix the issue, which, according to the team, was specific only to the DINSIC Matrix deployment.

 

 

Source

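The domain-check bypass described in the two posts above, as an added example that is not part of the original posts and is not Tchap's or Matrix's code: a weak allowlist check that only inspects the text after the last "@", next to a strict check that rejects any address that is not exactly one local part and one allowlisted domain. The function names and sample addresses are constructed for illustration; the posts do not give the actual root cause.

```python
import re

# Allowlist for illustration; the post names @gouv.fr and @elysee.fr as examples.
ALLOWED_DOMAINS = {"gouv.fr", "elysee.fr"}

# Conservative grammar: no "@", whitespace or quoting in the local part,
# and plain LDH labels in the domain.
_LOCAL = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}")
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _domain_allowed(domain: str) -> bool:
    """True for an allowlisted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS)


def naive_is_allowed(address: str) -> bool:
    """Weak check (hypothetical): trusts whatever follows the last '@'."""
    return _domain_allowed(address.rsplit("@", 1)[-1].lower())


def strict_is_allowed(address: str) -> bool:
    """Accept only one well-formed local part plus one allowlisted domain."""
    if address != address.strip() or address.count("@") != 1:
        return False
    local, domain = address.split("@")
    domain = domain.lower()
    if not _LOCAL.fullmatch(local):
        return False
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(lab) for lab in labels):
        return False
    return _domain_allowed(domain)


def audit(addresses):
    """Return addresses the naive check accepts but the strict check rejects."""
    return [a for a in addresses
            if naive_is_allowed(a) and not strict_is_allowed(a)]


# Constructed sample sign-up addresses (not taken from the page).
SAMPLES = [
    "alice@gouv.fr",
    "bob@interieur.gouv.fr",
    "mallory@example.org@elysee.fr",
    "mallory@example.org",
    "carol@notgouv.fr",
]
```

Running `audit()` over stored sign-up addresses is one way to look for accounts registered before such a check was tightened. The address that passes the check should also be the exact string handed to the mailer, so validation and delivery cannot disagree about the recipient.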


It is one of the most stupid ideas that I have ever heard of secret communication app, which is openly announced and here we have one of G8 governments acting like they don't have the mind of even a ten-year old of this generation.

I guess the Champagne, Pinot and Cheese got "zem furench kwrazy".



3 hours ago, Ha91 said:

It is one of the most stupid ideas that I have ever heard of secret communication app, which is openly announced and here we have one of G8 governments acting like they don't have the mind of even a ten-year old of this generation.

I guess the Champagne, Pinot and Cheese got "zem furench kwrazy".

 

These boomer politicians are clueless about technology and the information age. What did you expect?

This topic is now archived and is closed to further replies.
