France had to shut down the Tchap application a few hours after an unknown hacker broke into the servers and stole all the encrypted information, messages and passwords. The motive behind creating this app was to stay away from third-party apps that could lead to hacking.
Now, Tchap is back again as promised. This software lets officials hold conversations via iOS, Android and the web. The only requirement to use the app is to provide a French government email address to sign in, and that is where the issue arose.
Elliot Alderson, a security researcher, observed that anybody could access the stored information which was supposed to be encrypted. Out of curiosity, the researcher entered an @elysee.fr (the presidential palace) address and found that he could access all public chats and start interactions with government workers.
A fix for the eleventh-hour issue was promised. And here it is; now the application can be used without any fear of being hacked.
“The fact that the authentication and user-signup process was not created securely, and it was simply trusting that if the user provided a username that simply ended in ‘@french-government-domain.com’ and allowing them to sign-up and authenticate is completely flawed,” Nabil Hannan, managing principal at Synopsys Inc., said.
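The suffix-trusting sign-up check described in the quote above, next to a stricter one, as an added example that is not Tchap's code. The domain `gov.example`, the function names and the sample addresses are assumptions constructed for illustration; the hardened path parses the address strictly, matches the domain exactly, and only confirms the account once a token mailed to that address comes back.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example: a placeholder domain and a per-deployment secret.
ALLOWED_DOMAINS = {"gov.example"}
SERVER_KEY = secrets.token_bytes(32)

def naive_is_allowed(email: str) -> bool:
    """Flawed check of the kind the quote describes: trusts the string's ending only."""
    return email.lower().endswith("@gov.example")

def parse_strict(email: str):
    """Return (local, domain) for a single-'@', printable-ASCII address, else None."""
    if email.count("@") != 1 or len(email) > 254:
        return None
    local, domain = email.split("@")
    if not local or any(not 33 <= ord(c) <= 126 for c in local + domain):
        return None
    return local, domain.lower()

def strict_is_allowed(email: str) -> bool:
    """Exact match of the parsed domain against the allowlist, not a suffix test."""
    parsed = parse_strict(email)
    return parsed is not None and parsed[1] in ALLOWED_DOMAINS

def _mac(email: str) -> str:
    return hmac.new(SERVER_KEY, email.lower().encode(), hashlib.sha256).hexdigest()

def issue_token(email: str) -> str:
    """Token to be mailed to the address; the account stays inactive until it returns."""
    if not strict_is_allowed(email):
        raise ValueError("address not eligible for sign-up")
    return _mac(email)

def confirm(email: str, token: str) -> bool:
    """Well-formedness alone proves nothing; possession of the mailed token does."""
    if not strict_is_allowed(email):
        return False
    return hmac.compare_digest(_mac(email).encode(), token.encode())

# Constructed sample inputs: one legitimate address, three the validator must reject.
SAMPLES = ["alice@gov.example", "mallory@mail.example@gov.example",
           "mallory@gov.example.mail.example", "bob @gov.example"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} naive={naive_is_allowed(s)} strict={strict_is_allowed(s)}")
```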