Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages.

This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages.

Scheduled Pinned Locked Moved Uncategorized
6 Posts 6 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • josephcox@infosec.exchangeJ This user is from outside of this forum
    josephcox@infosec.exchangeJ This user is from outside of this forum
    josephcox@infosec.exchange
    wrote last edited by
    #1

    This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages. And anyone can get anyone else's private key by just sending the user ID to the API. Possibly worst ever https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/

    davidnielsen@mastodon.socialD kaasbaas@social.oevents.co.zaK sempf@infosec.exchangeS 3 Replies Last reply
    0
    • josephcox@infosec.exchangeJ josephcox@infosec.exchange

      This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages. And anyone can get anyone else's private key by just sending the user ID to the API. Possibly worst ever https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/

      davidnielsen@mastodon.socialD This user is from outside of this forum
      davidnielsen@mastodon.socialD This user is from outside of this forum
      davidnielsen@mastodon.social
      wrote last edited by
      #2

      @josephcox this is so insane it almost feels like a honeypot setup by the police.

      rusty__shackleford@mastodon.socialR 1 Reply Last reply
      0
      • josephcox@infosec.exchangeJ josephcox@infosec.exchange

        This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages. And anyone can get anyone else's private key by just sending the user ID to the API. Possibly worst ever https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/

        kaasbaas@social.oevents.co.zaK This user is from outside of this forum
        kaasbaas@social.oevents.co.zaK This user is from outside of this forum
        kaasbaas@social.oevents.co.za
        wrote last edited by
        #3

        @josephcox who wants to bet the words "vibe" and "coded" were involved?

        1 Reply Last reply
        0
        • davidnielsen@mastodon.socialD davidnielsen@mastodon.social

          @josephcox this is so insane it almost feels like a honeypot setup by the police.

          rusty__shackleford@mastodon.socialR This user is from outside of this forum
          rusty__shackleford@mastodon.socialR This user is from outside of this forum
          rusty__shackleford@mastodon.social
          wrote last edited by
          #4

          @DavidNielsen @josephcox

          As someone who looked at teleGuard and ALWAYS assumed honeypot. This fucking tracks.

          1 Reply Last reply
          0
          • josephcox@infosec.exchangeJ josephcox@infosec.exchange

            This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages. And anyone can get anyone else's private key by just sending the user ID to the API. Possibly worst ever https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/

            sempf@infosec.exchangeS This user is from outside of this forum
            sempf@infosec.exchangeS This user is from outside of this forum
            sempf@infosec.exchange
            wrote last edited by
            #5

            @josephcox Let me guess. It was vibe coded, right?

            stiiin@infosec.spaceS 1 Reply Last reply
            0
            • sempf@infosec.exchangeS sempf@infosec.exchange

              @josephcox Let me guess. It was vibe coded, right?

              stiiin@infosec.spaceS This user is from outside of this forum
              stiiin@infosec.spaceS This user is from outside of this forum
              stiiin@infosec.space
              wrote last edited by
              #6

              @Sempf @josephcox It launched in 2021, so perhaps a bit too soon for that.

              1 Reply Last reply
              1
              0
              • R relay@relay.infosec.exchange shared this topic
              Reply
              • Reply as topic
              Log in to reply
              • Oldest to Newest
              • Newest to Oldest
              • Most Votes

              • Login
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • World
              • Users
              • Groups