Signal App Clone Used by Trump Officials Was Hacked in Under 30 Minutes
The security of U.S. government officials' communications has come under the spotlight again after a modified Signal app used to archive data from third-party messaging apps was hacked in less than 30 minutes. The app in question is a cloned version of Signal made by an Israeli company called TeleMessage, which claims to modify encrypted messaging applications so their messages can be archived securely.
TeleMessage hit the headlines Friday when a Reuters journalist took a photo of former U.S. National Security Adviser Mike Waltz's smartphone during a cabinet meeting. The photo revealed Waltz was using an unofficial version of Signal, apparently to message other White House officials. The photo showed the screen of Waltz's smartphone and clearly revealed message threads labeled "JD Vance," "Rubio" and "Gabbard."
The app looks much like the encrypted messaging platform Signal, which has been approved for government use, but it was later revealed to be a “fork” that makes adjustments to its code so it can archive messages. TeleMessage markets itself to government agencies and businesses, claiming that it offers them a simple way to archive messages from encrypted platforms such as Signal and WhatsApp.
U.S. government officials are required to preserve their communications to comply with data retention laws. However, those laws create a challenge, because officials also have to adhere to stringent security protocols. They’re essentially required to communicate within a private “intranet” that’s closed off from the rest of the digital world to minimize the risk of security breaches.
TeleMessage says it works by making clones of the official apps. In a video posted on YouTube, it says it can keep Signal's end-to-end encryption and other security measures fully intact. Normally, when using Signal, the encryption ensures that only the sender and intended recipient of a message can read its contents.
TeleMessage appears to get around this by adding a third party to conversations, so it can send those messages to a storage archive. “The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the company says in its video. But despite the company's claims, the hack shows that TeleMessage is unable to maintain the same level of security as Signal, which has been widely praised by cybersecurity experts.
The Breach
The breach was first reported by 404 Media, which said the hacker was able to make off with a trove of data relating to the U.S. Customs and Border Protection agency, the cryptocurrency firm Coinbase Global Inc., and various other financial institutions that appear to be using the TeleMessage clone.
It also revealed snippets of a conversation among Democratic lawmakers discussing their opposition to a controversial new cryptocurrency bill.
The hacker did not identify any messages from White House cabinet officials, but the incident demonstrates that the archived chat logs stored by TeleMessage are not fully encrypted when sent from the cloned app to the end server where they’re archived.
The server in question is said to be hosted by Amazon Web Services Inc. 404 Media separately confirmed that TeleMessage uses AWS endpoints in Northern Virginia after reviewing the source code of the modified Signal app.
It also confirmed that the server is online by simply visiting its website, and that this lack of security has put sensitive information at risk.
The Consequences
This breach highlights the risks associated with using unofficial messaging apps, even if they claim to be secure. It also raises questions about the effectiveness of TeleMessage's security measures and how it plans to address these vulnerabilities.
Furthermore, this incident could have significant consequences for national security, as sensitive information was potentially compromised during the hack.
The Response
TeleMessage has not yet commented on the breach or its response to the hack. However, in light of this incident, it is clear that more needs to be done to ensure the security of these types of apps and the data they contain.
Regulatory bodies and government agencies will likely need to take a closer look at TeleMessage's practices and provide guidance on how to improve their security measures. Additionally, users of Signal and other messaging apps should remain vigilant and monitor for any signs of suspicious activity.