They tried to log in secret.telemessage.com Using a couple of these credentials and discovered that they had hacked a user with an email address associated with US Customs and Border Protection, one of Trump’s Draconian immigration policy enforcement agencies. The CBP has since confirmed that the teleport is a customer.
After spending a few more minutes to dig a pile of dumps, the hacker also found a simple text chat logs. The hacker said, “I can read the inner chats of the coin base, it’s incredible.” (Coin Base did not respond to a wired request for comments, but he told 404 media that “there is no evidence that any sensitive Coinnbase users were accessed or any customer account was in danger, as Coinbase does not use this tool to use passwords, seed phrases, or other data access to other data.”
At this point, the hacker says he spent 15 to 20 minutes on teleport servers, and he has already compromised with a customer of his federal government as well as one of the world’s largest cryptocurrency exchange.
As I inquired from analyzing the TMSGNL source code, Tele Message Apps – such as Mike Walts are running on the phone. Archive.Telmicage Dot Com (I call it the archive server), which then sends messages to the customer’s final destination. This contradicts the telecommunication’s public marketing content, where he claims that TMSNGL “uses encryption from mobile phones to the end of the corporate archive.”
The archive server has been programmed in Java and is made using an open source framework, Spring Boat to create Java applications. The Spring Boat contains a set of features called Active, which helps developers monitor and debugged their requests. One of these features is the Hep Dump End Point, which is a hacker used to download a hacker hep dump.
According to the Spring Boat Acacher’s documents: “Since the closing points may contain sensitive information, so when to expose them should be careful.” In the case of Tele Message Archive Server, the Hep Dump contained usernames, passwords, unclavic chat logs, encryption keys and other sensitive information.
If anyone on the Internet had loaded a pile of dump URL because Mike Walts was texting using the TMSGNL app, the hep dump file would also contain its unclassified signal messages.
A 2024 post on Cloud Security Company Wes Blog has a list of “exposed Hepadamp File”, which has a common misconception in the Spring Boat Activator. “Up to Version 1.5 (issued in 2017), /Hep Dump and Point was created as publicly exposed and accessible by default. Since then, in the later version, the Spring Boat Activator has justified its defaults to expose the ends of health and /information without verification. “Despite this improvement, developers often disable these protective measures for diagnostic purposes when applications deploy for environmental testing, and may not be able to change the small setting and thus when an application is pushed into production, allowing them to be unwilling to invader the data.
In the 2020 post on Walmart’s Global Tech Blog, another developer gave a similar warning. The author wrote, “Apart from /health and /information, all the actress locations are at risk to open for end users as they can expose application dumps, logs, configuration data and control.” “Activator’s closing points have safety implications and should never be exposed in a productive environment.”
The hacker’s teleport’s immediate exploitation shows that the archive server was badly wrong. It was either running an eight -year -old version of the Spring Boat, or someone manually created it to expose the pile of dumps on the public Internet.
This is why with sensitive data spread, it promoted for 20 minutes before opening.
Despite this critical threat and other security issues with teleport products, in particular, the Israeli firm that produces the product can access all its customers’ chat logs in simple text.
