Researcher finds security flaw in French government's chat app
Tchap was launched on April 17 and was meant to let government officials securely contact other officials working for the French government. Access to the app is supposed to be limited to those with French government email addresses.
Security researcher Baptiste Robert, known on Twitter as Elliot Alderson or @fs0c131y, found a way to bypass that restriction.
Tchap is a fork (a divergent branch developed from an existing piece of software) of an open-source project known as Riot, which is itself built on Matrix, an open-source, end-to-end encrypted messaging protocol. The French agency DINSIC worked with Matrix to develop the application.
Robert found that by modifying his email address to look like it had the ending of a government email address, he could gain access to Tchap.
The French government, in its press release on Tchap, also said it would offer a bug bounty program to improve security. – Rappler.com