Unofficial Signal App Used by Trump Officials Investigates Hack

TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. The company, which provides message archiving services for businesses and government entities, including tools to archive messages exchanged via popular messaging apps like Telegram, WhatsApp, WeChat, and Signal, claims to have been the victim of a "potential security incident" that prompted it to take swift action.

"TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation," a company spokesperson told BleepingComputer. "Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational. We are committed to transparency and will share updates as we are able. We thank our customers and partners for their trust and patience during this time."

The suspension comes after a report by 404 Media revealed that a hacker breached TeleMessage and gained access to direct messages and group chats archived using TM SGNL, TeleMessage's unofficial Signal clone. Former national security adviser Mike Waltz was one of the officials who used the app for archiving Signal messages.

"I would say the whole process took about 15-20 minutes. It wasn't much effort at all," the hacker told 404 Media. "If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it's been vulnerable?" According to the hacker, messages from cabinet members and Waltz were not compromised; however, the extracted data allegedly includes government officials' contact information, some message contents, and TeleMessage back-end login credentials.

While messages from Trump administration officials weren't exposed in the breach, screenshots shared by the hacker link the stolen data to various entities, including U.S. Customs and Border Protection, crypto exchange Coinbase, and several financial services such as Scotiabank. Micah Lee, a software engineer and former journalist at The Intercept, also analyzed the source code of TeleMessage's TM SGNL app and found several vulnerabilities, including hardcoded credentials.

"We cannot guarantee the privacy or security properties of unofficial versions of Signal," a Signal spokesperson told Reuters earlier this week. In contrast, White House deputy press secretary Anna Kelly assured NBC News that "Signal is an approved app for government use and is loaded on government phones." The incident highlights the risks associated with using unofficial messaging apps to archive sensitive data.
