“Though the exploitation strategies won’t be sophisticated (therefore the low rating), the end result—entry to plaintext chat logs regardless of assertions of end-to-end encryption—constitutes a severe breach of confidentiality, which is important for a safe messaging service, particularly one that will deal with delicate communications,” Schwake famous.
CISA’s recommendation for businesses and companies to keep away from utilizing TeleMessage doubtless stems from this confirmed real-world exploitation and its important influence on information privateness, whatever the technical rating, he added.
Authorities officers are particularly susceptible
“This vulnerability was most probably added to the KEV record because of the reported use of TeleMessage by authorities officers,” Thomas Richards, infrastructure safety apply director at Black Duck, instructed CSO in a remark.
