Chat App Used by Trump Admin Suspends Operation Amid Hack
TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach exposed messages and backend data.
A data breach has exposed security flaws and sensitive information in TM SGNL, a chat app developed by the Israeli-US company TeleMessage. The firm is known for providing modified versions of encrypted messaging apps such as Signal, WhatsApp, Telegram, and WeChat to the US government.
This alleged breach, first reported by 404 Media, involved a hacker gaining access to archived messages, including direct and group chats. As a result, the company has temporarily suspended its operation.
The hack raises serious concerns about the security of communications at the highest levels of the US government, particularly as former National Security Advisor Mike Waltz was recently seen using TM SGNL during a cabinet meeting with President Trump.
This sparked immediate scrutiny since, unlike Signal, TM SGNL is not available on public app stores. At the time of writing, TeleMessage’s official website remains online, but all references to the app, its services, and related activity have been removed.
Reportedly, Smarsh, TeleMessage’s corporate owner, is currently rebranding the service as Capture Mobile. However, the Wayback Machine still shows archived pages of the website and the installation guide for both iOS and Android devices.
The Hacker Remains Anonymous
The hacker, who remains anonymous, claimed to have breached TeleMessage’s backend infrastructure in a mere “15-20 minutes,” highlighting the ease of access. The stolen data includes message contents, contact information of government officials, usernames and passwords for TeleMessage’s backend panel, and indications of client agencies and companies.
These clients include Customs and Border Protection (CBP) and cryptocurrency giant Coinbase. However, it was confirmed that the hacker did not obtain messages from Trump cabinet officials or Waltz himself.

Analysis Reveals Critical Flaws in TM SGNL
Software engineer Micah Lee, who managed to analyse the app’s source code, uncovered serious vulnerabilities, including hardcoded credentials. While the nature of the hardcoded credentials was not specified, their presence indicates a serious security flaw.
Furthermore, TeleMessage modifies Signal to add message archiving capabilities, a feature likely used by government officials for record-keeping compliance. However, this modification involves storing decrypted messages on a cloud server, creating a potential security risk.
The main issue is that messages are only encrypted within the app and not end-to-end secured during archiving. They are decrypted and stored in plaintext on TeleMessage’s servers, which are vulnerable to unauthorized access.
The hacker confirmed that the breached server was the same Amazon Web Services (AWS) server used for message archiving, confirming the vulnerability.
A Signal spokesperson reiterated that the company “cannot guarantee the privacy or security properties of unofficial versions of Signal,” further emphasizing the risks associated with modified apps like TM SGNL.
The incident highlights the continued use of apps like Signal and TM SGNL by government officials, despite the availability of secure communication systems, raising questions about their choice and the risky assumptions they make about smartphone app security. It also highlights the need for a thorough reassessment of government officials’ communication tools, particularly those involving sensitive information and record-keeping regulations.