The security of U.S. government officials’ communications has come under the spotlight again after a modified Signal app used to archive data from third-party messaging apps was hacked in less than 30 minutes.
The app in question is a cloned version of Signal made by an Israeli company called TeleMessage, which claims to modify encrypted messaging applications so their messages can be archived securely.
TeleMessage hit the headlines Friday when a Reuters journalist took a photo of former U.S. National Security Adviser Mike Waltz’s smartphone during a cabinet meeting. The photo revealed Waltz was using an unofficial version of Signal, apparently to message other White House officials.
The photo showed the screen of Waltz’s smartphone and clearly revealed message threads labeled “JD Vance,” “Rubio” and “Gabbard.” The app looks much like the encrypted messaging platform Signal, which has been approved for government use, but it was later revealed to be a “fork” that makes adjustments to its code so it can archive messages.
TeleMessage markets itself to government agencies and businesses, claiming that it offers them a simple way to archive messages from encrypted platforms such as Signal and WhatsApp.
U.S. government officials are required to preserve their communications to comply with data retention laws. However, those laws create a challenge, because officials also have to adhere to stringent security protocols. They’re essentially required to communicate within a private “intranet” that’s closed off from the rest of the digital world to minimize the risk of security breaches.
TeleMessage says it works by making clones of the official apps. In a video posted on YouTube, it says it can keep Signal’s end-to-end encryption and other security measures fully intact. Normally, when using Signal, the encryption ensures that only the sender and intended recipient of a message can read its contents. TeleMessage appears to get around this by adding a third party to conversations, so it can send those messages to a storage archive.
“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the company says in its video.
But despite the company’s claims, the hack shows that TeleMessage is unable to maintain the same level of security as Signal, which has been widely praised by cybersecurity experts.
The breach was first reported by 404 Media, which said the hacker was able to make off with a trove of data relating to the U.S. Customs and Border Protection agency, the cryptocurrency firm Coinbase Global Inc., and various other financial institutions that appear to be using the TeleMessage clone. It also revealed snippets of a conversation among Democratic lawmakers discussing their opposition to a controversial new cryptocurrency bill.
The hacker did not identify any messages from White House cabinet officials, but the incident demonstrates that the archived chat logs stored by TeleMessage are not fully encrypted when sent from the cloned app to the end server where they’re archived. The server in question is said to be hosted by Amazon Web Services Inc. 404 Media separately confirmed that TeleMessage uses AWS endpoints in Northern Virginia after reviewing the source code of the modified Signal app. It also confirmed that the server is online by sending an HTTP request.
The incident raises serious questions about what kinds of secrets may have been discussed by cabinet officials using the app, and how the archived data is being secured. It comes just weeks after it was revealed that some top U.S. officials were using the official Signal app to discuss military operations.
According to 404 Media, the hacker said he was able to breach TeleMessage’s system in about 15 to 20 minutes. He claimed that he targeted the company after learning about it from earlier media reports, saying he was “just curious” about how secure its cloned apps really are.
The hacker added that he chose not to disclose the issue to TeleMessage first, because he was worried the company might try to cover it up. “It wasn’t much effort at all,” the hacker said. “If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?”
404 Media said TeleMessage Chief Executive Guy Levit declined to comment on the report, which is likely to be extremely damaging for his company. Public records reveal that TeleMessage has contracts with dozens of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.