TeleMessage Signal Security Flaws Exposed Amid Breach Investigation
The communication application TeleMessage Signal, reportedly utilized by a senior official within the Trump administration for message archiving, has recently become the center of scrutiny following security breaches that have raised alarming concerns regarding its integrity. An investigation is currently underway, with the parent company temporarily pausing services to address these issues.
Investigative journalist and security researcher Micah Lee has revealed findings indicating that the app’s archiving capabilities contravene its foundational promise of security. Specifically, communication occurring between users on the app and their message archives is transmitted without the protection of end-to-end encryption. This inadequacy potentially exposes user messages to the TeleMessage company, undermining confidentiality.
In a comprehensive review of TM Signal's Android source code, conducted in partnership with 404 Media, Lee assessed the application's design in light of a hack over the weekend that disclosed user messages and other sensitive data. The breach suggests that certain information was transmitted unencrypted, contradicting TeleMessage's assertion that its platform offers "End-to-End encryption" from mobile devices to corporate archives. Lee asserts that TM Signal's entire framework fails to provide such encryption, permitting the company to access user chat contents.
Lee’s analysis deduced that plaintext logs are indicative of significant security weaknesses within TM Signal. He remarked on the simplicity with which the archive server could be compromised, expressing that the app exhibited a troubling lack of basic security measures. The severity of these vulnerabilities was beyond his initial expectations.
TeleMessage, an Israeli firm, was acquired last year by US-based Smarsh, which specializes in digital communications archiving. While TeleMessage operates as a federal contractor, its consumer applications do not have approval for use under the Federal Risk and Authorization Management Program (FedRAMP), raising further questions about its compliance with federal standards.
The implications of Lee's findings carry weight, particularly given recent revelations that TM Signal was used by Mike Waltz, formerly the national security adviser, during a cabinet meeting. Photographs captured during the event disclosed communications with high-ranking officials, highlighting potential security breaches impacting national security discussions. Messages sent through TM Signal could inadvertently expose sensitive information whether the counterpart was another TM Signal user or a user of the genuine Signal application.
The hacker obtained various data from the TeleMessage archive server, including usernames, chat logs, plaintext passwords, and private encryption keys, illustrating a significant breach of security protocols. In light of these developments, U.S. Senator Ron Wyden has urged the Department of Justice to investigate TeleMessage, describing the app as a serious national security threat.
Senator Wyden emphasized that government agencies utilizing TeleMessage Archiver may have inadvertently selected a substandard option masquerading as the trusted Signal application. This situation represents a tangible risk to national security, with implications that reach beyond theoretical concerns.
In this context, several tactics from the MITRE ATT&CK framework may be relevant to this incident. Tactics such as initial access, exfiltration, and possibly privilege escalation are useful lenses for understanding the methodologies that could have been employed during the breach. Business owners and stakeholders must stay vigilant about potential vulnerabilities within their communication tools, especially those designed to emulate established secure platforms. As investigations proceed, the industry remains on high alert regarding the security postures of digital communication applications.