| Post Atl1kmfMpJyBXh9Xd2 by [email protected] | |
| Post #AthFuLNNlc9QWeLz4y by [email protected] | |
| 0 likes, 1 repeats | |
| I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senio… | |
| Post #AthFuLVXHIfmvwAUmu by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee This is probably why Marco Rubio is qualified for National Security … | |
| Post #AthOQ17zNt72culeCm by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee maybe this app is only for plausible deniability, in reality they us… | |
| Post #AthOQ1EN0ADUwhkk9Q by [email protected] | |
| 0 likes, 1 repeats | |
| @slim no one knew they used this app until Mike Waltz was photographed using it,… | |
| Post #AthSmDaE9hRhRaojyq by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee did you try and play around with your user agent or headers to see i… | |
| Post #AthSmDiNfNy3qsdFgm by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee I haven’t looked, but I wonder if some of the online malware zoos … | |
| Post #AtiFXEf0lQ7GC9XZKK by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee did u see this? -> https://central.smarsh.com/s/article/How-to-se… | |
| Post #AtiHxjxPE49AhIuVxw by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee There's no chance they're using this to comply with the Gove… | |
| Post #AtiIEzOJ61qXUIiaoK by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Nice writeup. `Tap the Downlaod...` not exactly confidence inspiring … | |
| Post #AtiIJdX7n41Z933hXU by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee BTW, “TM SGNL is might be”. | |
| Post #AtiIT2zeV2FgiLtDRg by [email protected] | |
| 0 likes, 1 repeats | |
| @richlv thank you! Fixed | |
| Post #AtiIdrc79J7Wbf2OPo by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee But her emails | |
| Post #AtiJ1F5e1yiE4qzw7E by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee And another link appears between Israel and the American Right. Whil… | |
| Post #AtiJ1FCNcw6GPk9Jc8 by [email protected] | |
| 0 likes, 0 repeats | |
| @Tattered @micahflee surely that app is taking a second copy for the operating … | |
| Post #AtiJDYyztbLnFTlPpA by [email protected] | |
| 0 likes, 0 repeats | |
| @ce3rd @micahflee it is available | |
| Post #AtieIkK9Fsn2uLyB9s by [email protected] | |
| 0 likes, 1 repeats | |
| @ce3rd oh amazing, I missed that, thank you! | |
| Post #AtikKOpgjIqoYetTZA by [email protected] | |
| 0 likes, 1 repeats | |
| @ce3rd @micahflee Link, app works for me. I get to the app page, can install. I… | |
| Post #AtikRrI1KG1gqJhcrw by [email protected] | |
| 0 likes, 1 repeats | |
| @ce3rd @micahflee Hi | |
| Post #AtikZo5J7rmzDeXw00 by [email protected] | |
| 0 likes, 1 repeats | |
| @ce3rd @micahflee It's not clear where logs are sent; I get a "logs se… | |
| Post #Atil5GHoK4Rjf7OSDQ by [email protected] | |
| 0 likes, 1 repeats | |
| @adamshostack @ce3rd very interesting. I think it’s sending them to TeleMessa… | |
| Post #Atiyfs6SUqeEmJs3Wq by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee @ce3rd Good flag! Now I wonder if the "new device" flows w… | |
| Post #AtiyfsCq77kh66r9TU by [email protected] | |
| 0 likes, 1 repeats | |
| @adamshostack @micahflee @ce3rd odds are very good (though not 100%) that it wo… | |
| Post #Atj5l81TR0cvHMzcmm by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Found the source! It's linked under the `/developer` path for API… | |
| Post #Atj5l89yvNQrhkyQ2y by [email protected] | |
| 0 likes, 0 repeats | |
| @ljrk @micahflee Nice find!! | |
| Post #Atj5l967RDw8c4AqfI by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee The Android code contains a .git unfortunately not with full upstrea… | |
| Post #Atj5l9QKE66FcjczA0 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Uhm, srsly? (This isn't *completely pwn*, it's a local file t… | |
| Post #Atj5l9o4nn6AoOjxBI by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Nvm, they do seem to be violating GPL, at least I can't find thi… | |
| Post #Atj5lAEJEG5A7l0u4O by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Wait... are the logs sent using a global hard-coded static key? | |
| Post #Atj5yHCIdQXrUxKHJI by [email protected] | |
| 0 likes, 1 repeats | |
| @ljrk I've actually been looking into this. These are hardcoded credentials… | |
| Post #Atj7AOsM0rSAk1LFJ2 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Yup, could be fun to crap their logs with bullshit though :D Also I c… | |
| Post #Atj8CuZtDRPhb5Syrg by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee it’s a pretty crazy idea that somewhere is an MDM which you could … | |
| Post #Atj8CugGpiW9usS4oK by [email protected] | |
| 0 likes, 0 repeats | |
| @bascule @micahflee oh i bet there are several apts that know too | |
| Post #AtjCN5CGzMbNFCWdsm by [email protected] | |
| 0 likes, 2 repeats | |
| The source code for the TM SGNL apps (basically a backdoored version of Signal … | |
| Post #AtjDmYuPl1A8aVsy5Q by [email protected] | |
| 0 likes, 1 repeats | |
| @ljrk actually, the shared libraries are all here https://github.com/micahflee/… | |
| Post #AtjE9YUVTdk7x6jPgO by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Oh, yikes. The real-world infosec people (as opposed to those in the … | |
| Post #AtjE9Yat5uqaGtiVd2 by [email protected] | |
| 0 likes, 1 repeats | |
| @mkj I've been having a field couple of days | |
| Post #AtjEwizlDBoMignPZA by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee LMAO, they weren't just using Signal to plan war crimes, but usi… | |
| Post #AtjEwj6Uo9CP3Zwn44 by [email protected] | |
| 0 likes, 1 repeats | |
| @dalias yup, well said | |
| Post #AtjF7RRinaiNTgz7Kq by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee The security of the fake Signal app itself aside (for a moment), how… | |
| Post #AtjHcCqHLUXV4PGiES by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Right, but it's not yet certain what process they're actuall… | |
| Post #AtjKMbFN8pYVzOFuzo by [email protected] | |
| 0 likes, 0 repeats | |
| @mattblaze @micahflee foreign company, or maybe Palantir? | |
| Post #AtjKkCsdO7FbMosQoC by [email protected] | |
| 0 likes, 0 repeats | |
| @catsalad nya :3 weirdly enough, it's always the Sunday evenings that have m… | |
| Post #AtjvqBvfX8VaSW0sk4 by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee @adamshostack @ce3rd They have an XML interface guide that might be … | |
| Post #AtjxDsONvFmAlqIozY by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee @mattblaze Was the install process ever confirmed beyond "it mu… | |
| Post #Atjy5SFjKCj9Kznoi8 by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee @mattblaze Sorry, forgot the link. https://www.telemessage.com/wp-con… | |
| Post #Atk9uG7VICEbyPNmi0 by [email protected] | |
| 0 likes, 1 repeats | |
| @InvertedLina @micahflee @mattblaze the thing is, most users aren't sophist… | |
| Post #Atl1XqSXPfAnXeyyHo by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee @dalias For us non infosec folks, a back door means it's more le… | |
| Post #Atl1XqbOsiGJz9836G by [email protected] | |
| 0 likes, 0 repeats | |
| @Phosphenes @dalias @micahflee A backdoor is like a rootkit, in this case the … | |
| Post #Atl1Y8qx1dOeaaXiq0 by [email protected] | |
| 0 likes, 0 repeats | |
| @Phosphenes @micahflee @dalias It's basically "The Truman show (1998)&… | |
| Post #Atl1Zgimabu7v3SYQy by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee It's... a fucking bootleg copy. With vulnerabilities. Oh, I'm… | |
| Post #Atl1ZgqE8vrKI8wV2O by [email protected] | |
| 0 likes, 0 repeats | |
| @sparrows @micahflee I mean, it's GPL — nobody has alleged a licence viol… | |
| Post #Atl1g0GepUKIHLJd1E by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee And just to be explicit: good work! | |
| Post #Atl1kmfMpJyBXh9Xd2 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee excellent work, thank you! | |
| Post #Atl1mc8KxTHlSGZlyK by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee tl:dr It seems to contain hard-coded credentials. | |
| Post #Atl1ty5bj037Zqo21g by [email protected] | |
| 0 likes, 0 repeats | |
| @sparrows Bootlegged from their own website? @micahflee | |
| Post #Atl1ugvZ1BkmdjS97Q by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee How is this getting worse? It's almost impressive. | |
| Post #Atl1w0GyZu0gvb5tEu by [email protected] | |
| 0 likes, 0 repeats | |
| @apicultor @micahflee Fair, 'bootleg' isn't really an applicable te… | |
| Post #Atl2B67596FbNxfClc by [email protected] | |
| 0 likes, 0 repeats | |
| @sparrows @micahflee sure but if we're honest with ourselves using a bootle… | |
| Post #Atl2Becopbq6QEm1xI by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Wait, so they aren't even using the official version?! This is du… | |
| Post #Atl2BeiqTCeyivaqLg by [email protected] | |
| 0 likes, 0 repeats | |
| @chiraag Per a Reuters photo in the earlier blog post, the answer would be no. @… | |
| Post #Atl2DJk9RLuCEnzqBU by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee nice blog post! They are as responsible as a third grader. | |
| Post #Atl2F04HYznrnMDO08 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee I don't doubt it. | |
| Post #Atl2H25j0npAeJrJk8 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee what a time to be alive. Thanks a lot for all for this. It is both f… | |
| Post #Atl2TcuNx7oIJJYmzw by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee any access to or more ideas about the “connectors” used for the … | |
| Post #Atl2XXpUmHHjiW8oc4 by [email protected] | |
| 0 likes, 0 repeats | |
| @zbrown @micahflee Thinking about it, and glancing at the README, it looks like… | |
| Post #Atl2YFnDK7bW4BPcAK by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Thank you for digging into this! | |
| Post #Atl2w33WKa4DVtNxrc by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Looks like a GPL violation, as it seems to use some "androidcop… | |
| Post #Atl2wLGwbPV40jnwHo by [email protected] | |
| 0 likes, 0 repeats | |
| @Phosphenes @micahflee I haven't analyzed it but presumably the Israeli com… | |
| Post #AtlPYFV4i1xS6YtWYS by [email protected] | |
| 0 likes, 3 repeats | |
| TeleMessage, the Israeli company that makes the modified Signal app used by Tru… | |
| Post #AtlTJFZUYt3Fna422y by [email protected] | |
| 0 likes, 1 repeats | |
| @micahflee inevitably... 😐 | |
| Post #AuGG8xcz94PLkQDdsO by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Maybe it's just me, but the parent company name almost matching … | |
| Post #AuGG90HTHVytyZB0G8 by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Micah, lmao. Micah. | |
| Post #AuGG90OCsTMwJSKNl2 by [email protected] | |
| 0 likes, 0 repeats | |
| @starchy @micahflee If I saw Micah sniffing around my shitty Signal clone, I wo… | |
| Post #AuGG9ATXNVZhastmSG by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Trump Org, er, Govt: Fuck-up after fuck-up. | |
| Post #AuGG9JeVG6h63V6AIS by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee 'an obscure Israeli company that sells modified versions of Sign… | |
| Post #AuGG9YixDqAQneIQoi by [email protected] | |
| 0 likes, 0 repeats | |
| @micahflee Why I am not surprised..? |