back to article Messaging app used by Trump aides 'riddled with security bugs'

Security researchers have discovered multiple vulnerabilities in Confide, the encrypted messaging app reportedly used by President Donald Trump's aides to speak to each other in secret. IOActive reported flaws it had discovered in Confide to the app's developers, who responded promptly by patching the application, allowing …

  1. Hollerithevo

    Investigate, then lock them up

    This sort of security breach shows disrespect to the American people (Trump-speak).

    What was good enough for Hillary is good enough for them.

  2. Anonymous Coward
    Anonymous Coward

    We have the best Apps...

    You're not gonna believe how good the Apps will be. Apps are making America great again. You better believe how good these Apps are.

    Who are you to tell me these aren't the best Apps, you terrorist bitch with fake news...

    1. Chemical Bob
      Thumb Up

      Re: We have the best Apps...

      ...they have YUUUUGE, YUUUUUGE security holes. The Best security holes. We're gonna Make Security Holes Great Again!

  3. Rich 11

    Простите, друг, прибыль...

    ...is there a Russian-language version?

  4. Your alien overlord - fear me

    Good to see they saw IOActive breaking their system in real-time before IOActive contacted them. They were doing something right at least :-)

  5. Lee D Silver badge

    Sigh, as always totally missing the point.

    It's like a checklist of things only present if you have no care for security except as an afterthought, which is pretty serious for a "secure" messaging service.

    "Not only have these issues been addressed, but we also have no detection of them being exploited by any other party."

    That would require you LOOKING and BEING ABLE to tell they were happening. You didn't see the guys doing it when they were initially building their tests and reports, so why would you suddenly detect them now.

    You are failing best practices, before you even made a single line of code.

    1. Frank Marsh

      Epic FAIL

      So tell me again why anyone would use a me-too product like this, which has no actual cryptographers on staff? Cryptography is hard, and these bozos aren't even getting to the cryptography - they're forgetting to check for valid SSL certificates.

  6. Anonymous Coward
    Anonymous Coward

    Umm, hang on..

    Isn't there a requirement for anyone in officialdom to have their conversations recorded for posterity?

    Oh, sorry, I forgot. Rules only apply to others in the Trump presidency. That said, it surely is some sort of record that a serious publication already uses the word "impeachment" after only 67 days in office..

    1. Charlie Clark Silver badge

      Re: Umm, hang on..

      I thought it was only 47 days? At least that's what Kate Bolduan told me last night: good show, excellently anchored. Oh, hang on. Can't trust them journalists can you? I hope someone respectable on social media (oxymoron?) has some more reliable kind of clock. Like one that runs only when the government isn't being obstructed by Congress or the courts or simlar (pace Idi Amin).

      1. Anonymous Coward
        Anonymous Coward

        Re: Umm, hang on..

        No, you're right. Never drink and derive. So it's even worse then in terms of days on the job.

        That, however, doesn't appear to be all. I just watched a rundown on the whole Russian thing and it appears that impeachment might be the minor thing on the cards given how actively they are alleged to have colluded with the Russians on subverting the election (apparently, there is a suspicion the very reason Trump started the Obama allegation tweets was to distract from that investigation).

        If even half of what is being reported on MSNBC is true, it appears the US may be heading towards investigations into treason if any of the Republicans miraculously regain a conscience (and if Trump doesn't quickly instigates a war to distract people). What a scary mess.

        1. Charlie Clark Silver badge

          Re: Umm, hang on..

          I just watched a rundown on the whole Russian thing and it appears that impeachment might be the minor thing on the cards given how actively they are alleged to have colluded with the Russians on subverting the election

          Don't credit them with too much intelligence or competence. While their interests may have temporarily been aligned with those of the Russians and the Russians were only too happy to meddle, I think it's easy to see a conspiracy where there isn't one. Trump really only cares about his image, his money and his family.

          is a suspicion the very reason Trump started the Obama allegation tweets was to distract from that investigation

          Almost certainly. That, and he was bored in Florida. Not instructing the Justice Department to investigate is the real give away.

          What a scary mess.

          Have to agree with you on that. Someone in the GOP has to grow a pair about this (can't see it being Pence, Priebus or McConnell). I think stronger resistance may come from the more professional part of the cabinet, though I'm not sure how I feel about the armed forces gaining too much influence.

          1. Anonymous Coward
            Anonymous Coward

            Re: Umm, hang on..

            I think if there's something there, and the FBI is able to make its case even relying on classified data so they can't prove it to the satisfaction of Trump voters (not sure if anything could, he might have been right about shooting someone on Fifth Avenue...) the adults in the room like McCain and even spineless Ryan will fall into line and there would be enough of them along with unanimous democrat support to impeach/convict. That would have happened to Nixon, had he not resigned, but I don't think anyone believes Trump would resign - he'd just lock himself in the oval office, watch Fox News, and tweet in anger, blaming everyone but himself, as the roll call vote went against him.

            While the congressional republicans are pretty solidly behind him now, that's because he's their president and their way of getting their legislative aims accomplished. Most of them didn't want him as the nominee, and would probably vote today to remove him and elevate Pence to president if they could do it via secret ballot. They are currently afraid to criticize him for fear of angering the voters who have supported Trump from day one. However, there are enough house and senate republicans in districts/states with fewer Trump supporters who wouldn't have to worry about losing their seat to their anger who can act, while they allow their colleagues who fear such reprisals to make hollow statements of support for Trump even as they cooperate behind closed doors to insure the vote goes against him.

            In the long run, anyone with presidential aspirations down the road is not going to want to see the party torn apart, and it isn't like ousting Trump would hand power to Hillary. They'll get Pence, who many of them would have preferred in the first place if they had the choice. Personally I despise Pence for his holier-than-thou attitudes, but at least he's smart, sincere and most of all not batshit crazy like Trump, so I'd consider him a massive upgrade for the oval office. He would probably take office with record high approval ratings, simply for not being Trump.

            1. Anonymous Coward
              Anonymous Coward

              Re: Umm, hang on..

              I don't think anyone believes Trump would resign - he'd just lock himself in the oval office, watch Fox News, and tweet in anger, blaming everyone but himself, as the roll call vote went against him.

              What's the punishment for treason? Gitmo? Or worse, cancellation of his Twitter account?

  7. Charlie Clark Silver badge

    As if the software is the only thing to worry about…

    In any system that is worried about information being compromised — we note that leaks can be both the work of great patriots and despicable spies (or is it vice-versa) — the technology is rarely the biggest problem, the people are.

    Lovely weather here.

  8. JaitcH
    FAIL

    Is this the answer to . . .

    Trump's complaints about leaks from the White House?

    Should have stuck with Telegram or Signal.

  9. Winkypop Silver badge
    Devil

    "Users were permitted to choose short, easy-to-guess passwords."

    "great"

    You just know he would....

  10. Anonymous Coward
    Anonymous Coward

    jesus christ

    those are some pretty fuckwitted 'flaws'. I'd put them in the 'our app has been written by morons' camp.

    black box testing/hacking can only discover so much - If I am working with a company and find those sort of issues in an app, I can with a high degree of certainty, conclude that every single line of code will be similarly shit. probably written offshore by people who 'university' education's courses included 50% work praying to 4000 different gods....

    1. Swarthy
      Headmaster

      Re: jesus christ

      every single line of code will be similarly shit. probably written offshore by people who 'university' education's courses included 50% work praying to 4000 different gods....
      Good lord AC! I tried to edit that last sentence to make it coherent and remove the xenophobia, but I cannot turn it into something readable and recognizable at the same time. so here's one that isn't all that close:
      [The software was] probably written offshore by people who's university 'education' was at least 50% making sure to pay the right "Facilitators".
      Nothing wrong with a bit of polytheism, but graft and bribery as part of a degree process - That we can all agree is problematic and is more likely to turn out crap code(rs).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like