While the world is still talking about the recent WikiLeaks reveal involving the CIA's hacking of Android and iOS devices, it looks like the White House is facing its own privacy issues. A recent report has revealed that the end-to-end encrypted messaging app, Confide, which has grown popular among White House officials under Trump's Administration, has some bugs that can render it potentially vulnerable.
Security researches at Seattle-based IOActive have discovered a number of critical flaws in the app that can allow hackers to intercept messages before the user decrypts them. The app's popularity is based on its military-grade encryption and the ability to self-destruct messages once read, leaving no trace of it on the Internet or server.
IOActive security researchers Mike Davis and Ryan O'Horo reported after an audit last month that an attacker could intercept the messages while they are in transit. If breached, the hacker can impersonate a user by hijacking their account or by guessing their password and gain access to the Confide user's address book. The attacker can also decrypt or change the contents of the message before it reaches the recipient.
The team at Confide have since reportedly fixed some of the flaws that were reported after the audit. As of now, it is still not known whether the flaws discovered have been used by hackers and whether some Confide users have been targeted already. The researchers were able to access around 7,000 Confide accounts, which included a member of Trump administration and some Department of Homeland Security employees.
Confide has said that "not only have these issues been addressed, but we also have no detection of them being exploited by any other party," in a statement to The Register.
Researchers at Axios last month revealed that a number of members in Trump's Administration have downloaded Confide. The disappearing message feature of the app also means that communication between the members cannot be archived, which is something that is mandatory for White House officials.
The recent WikiLeaks documents told us that the CIA had the tools to hack into messaging apps like WhatsApp, Telegram and others, if the underlying device that hosted them was hacked. With a supposedly "confidential messenger" app like Confide also facing privacy issues, there seems to be no app that is safe from being breached. This raises a serious concern as to how far users are left vulnerable and whether they are risking it all when communicating online.