Latest news with #TMSignal
Arabian Post
07-05-2025
- Business
- Arabian Post
Messaging App Breach Exposes Security Flaws in Government Communications
TeleMessage, a messaging application employed by former U.S. National Security Adviser Mike Waltz, has suspended its services following a cyberattack that compromised sensitive government and corporate data. The breach has intensified scrutiny over the use of unofficial communication tools within high-level government operations. The application, known as TM Signal, is a modified version of the open-source Signal platform, developed by Israeli company TeleMessage and later acquired by U.S.-based Smarsh. Unlike the original Signal app, TM Signal includes an archiving feature that stores messages in plaintext, rendering them accessible to TeleMessage and, as the breach revealed, to unauthorized parties. This design choice undermines the end-to-end encryption that Signal is known for, raising significant security concerns. The cyberattack reportedly allowed hackers to access TM Signal's backend infrastructure within minutes, exposing unencrypted chat logs, usernames, passwords, and encryption keys. The compromised data includes communications from various government agencies and corporations, though it remains unclear whether classified information was among the leaked content. The incident has prompted TeleMessage to suspend its services and initiate an investigation with the assistance of an external cybersecurity firm. The breach has drawn attention to the use of TM Signal by senior government officials, including Waltz, who was photographed using the app during Cabinet meetings. The application's resemblance to the official Signal app has been criticized as misleading, potentially giving users a false sense of security. Security experts have pointed out that TM Signal is not authorized under the U.S. government's Federal Risk and Authorization Management Program , which sets standards for secure cloud services. See also Tensions Escalate as India and Pakistan Approach Breaking Point The incident follows a previous controversy involving Waltz, who inadvertently added a journalist to a Signal group chat discussing U.S. military operations in Yemen. The group included high-ranking officials such as Vice President JD Vance and Secretary of State Marco Rubio. The leak of this conversation raised alarms about the handling of sensitive information and led to calls for Waltz's resignation. In response to the breach, Senator Ron Wyden has called for a Department of Justice investigation into TeleMessage, citing national security risks associated with the app's vulnerabilities. The senator emphasized the need for transparency and accountability in the use of communication tools by government officials. The White House has defended the use of Signal for official communications, stating that it is an authorized application installed on government-issued devices. However, the use of modified versions like TM Signal has raised questions about compliance with security protocols and the potential for unauthorized data access. The breach has also highlighted the broader issue of digital hygiene among government personnel. The use of unofficial or altered communication applications can introduce vulnerabilities that compromise the confidentiality and integrity of sensitive information. Experts have stressed the importance of adhering to approved communication platforms that meet established security standards.
WIRED
05-05-2025
- Business
- WIRED
Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
May 5, 2025 5:24 PM The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz's phone, has suspended 'all services' as it investigates reports of at least one breach. US National Security Adviser Mike Waltz checks his mobile phone while attending a cabinet meeting at the White House on April 30, 2025. Photograph: Evelyn Hockstein/Reuters The messaging app used by at least one top Trump administration official has suspended its services following reports of hackers stealing data from the app. The company, TeleMessage, says it is now investigating the incident. 'TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation,' a Smarsh spokesperson tells WIRED in a statement. 'Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational.' President Donald Trump's now-former national security adviser Mike Waltz was captured by a Reuters photographer last week using an unauthorized version of the secure communication app Signal—known as TeleMessage Signal or TM Signal—which allows users to archive their communications. Photos of Waltz using the app appear to show that he was communicating with other high-ranking officials, including Vice President JD Vance, US Director of National Intelligence Tulsi Gabbard, and US Secretary of State Marco Rubio. Experts told WIRED on Friday that, by definition, TM Signal's archiving feature undermined the end-to-end encryption that makes the actual Signal communication app secure and private. 404 Media and independent journalist Micah Lee reported on Sunday that the app had been breached by a hacker. NBC News reported on Monday that it had reviewed evidence of an additional breach. TeleMessage was founded in Israel in 1999 and was acquired last year by the US-based digital communications archiving company Smarsh. TeleMessage makes apparently unauthorized versions of popular communications apps that include archiving features for institutional compliance. But the company claims that its lookalikes have the same digital defenses as their legitimate counterparts, potentially giving users a false sense of security. Waltz's app usage came under intense scrutiny last month after he appeared to have added the editor-in-chief of The Atlantic to a Signal group chat in which Trump administration officials discussed plans for a military operation. Dubbed SignalGate, the scandal ultimately preceded Waltz's ouster as national security adviser. President Trump said last week that he plans to nominate him to be ambassador to the United Nations. TeleMessage apps are not approved for use under the US government's Federal Risk and Authorization Management Program, or FedRAMP, and yet they seem to be proliferating. Leaked data reportedly from TM Signal indicates that multiple US Customs and Border Protection agents may be using the Signal lookalike. When asked about the breach and whether CBP officers use TM Signal, the agency tells WIRED, 'We're looking into this.' After a number of reports by Lee and 404 Media over the weekend, TeleMessage removed all content from its website on Saturday and took down their archiving service on Sunday. 'We are committed to transparency and will share updates as we are able,' the Smarsh statement adds. 'We thank our customers and partners for their trust and patience during this time.' Since the revelation last week that Mike Waltz appeared to be using TM Signal, experts have feared that information shared on the app could jeopardize US national security.
