Mike Waltz’s Signal Skills Have Deteriorated Even Further

On Thursday, an image surfaced, reported by Reuters, showing former U.S. national security adviser Mike Waltz checking his phone during a cabinet meeting led by President Trump at the White House. On closer examination of the image, Waltz appears to be using an end-to-end encrypted messaging application, initially recognized as Signal. However, further scrutiny reveals a notification referring to the app as “TM SGNL,” indicating that Waltz was actually using TeleMessage Signal, an Israeli-developed application, to communicate with several high-profile U.S. officials, including JD Vance, Marco Rubio, and Tulsi Gabbard.

In the wake of senior cabinet members from the Trump administration coordinating military actions via disappearing messages on Signal, the so-called “SignalGate” scandal emerged. This incident raised serious concerns regarding breaches of established operational security protocols and compliance with federal records-retention regulations. Waltz played a pivotal role, having created a group chat dubbed “Houthi PC Small Group” which inadvertently included a journalist from The Atlantic. Following the incident, Waltz acknowledged his responsibility, stating, “I built the group,” while promising that technical experts were investigating the matter.

Despite the name, SignalGate did not stem from any failure of the Signal app itself. Signal functioned normally; the misuse lay in holding sensitive conversations on an inappropriate platform when more secure federal systems should have been used. While Signal is designed for privacy and offers robust protections for communication, the choice of TeleMessage Signal, presumably made to meet data retention requirements, compromised security, potentially opening multiple vulnerabilities for adversaries to exploit.

Jake Williams, a former NSA hacker and current vice president of research and development at Hunter Strategy, expressed disbelief over the federal government’s reliance on Israeli technology for sensitive communications. He remarked, “It’s mind-blowing that the federal government is using Israeli tech to route extremely sensitive data for archival purposes,” highlighting the risks that come with such decisions.

Founded in Israel by former IDF technologists, TeleMessage operated there until its acquisition last year by the U.S. digital archiving firm Smarsh. The platform is designed to duplicate various communication applications and includes a “mobile archiver” tool to log and store messages communicated through these apps.

According to its website, TeleMessage facilitates the capture, archiving, and monitoring of various mobile communications, including WhatsApp, WeChat, and Signal. While it claims to maintain encryption, the existence of a corporate archive inherently undermines the security that end-to-end encryption seeks to provide, exposing communications to potential breaches.

The combination of mismanaged technology use and sensitive discussions has significant implications for operational security within government communications. Incidents like these underscore the importance of adhering to security protocols. Adversaries exploiting careless use of communication tools that lack adequate security measures could employ a range of tactics aligned with the MITRE ATT&CK framework, such as initial access and persistence.

As businesses become increasingly aware of potential threats from similar vulnerabilities, this incident serves as a critical reminder about maintaining rigorous cybersecurity protocols and the need for vigilance in communication practices.
