The communication application Signal telemessage, used by at least a senior Trump administration official to archive the messages, would have already undergone violations that illustrate security defects and have led his parent company to impose a service break this week while waiting for the investigation. From now on, according to the new detailed discoveries of the journalist and security researcher Micah Lee, the archiving function of TM Signal seems to fundamentally compromise the signal flagship safety guarantees, sending messages between the application and the archives of the messages of a user without encryption from end to finish, thus making user communications accessible to shell.
Lee carried out a detailed analysis of the Android source code of TM signal to assess the design and safety of the application. In collaboration with 404 Media, he had previously pointed out a TM signal hack over the weekend, which revealed certain user messages and other data – a clear sign that at least certain data were sent unacline, or in clear text, at least part of the time within the service. This alone would seem to contradict the telemessage marketing statements that TM Signal offers a “end -to -end encryption of the mobile phone at the company archives”. But Lee says that his latest discoveries show that the TM signal is not encrypted from start to finish and that the company could access the content of user cats.
“The fact that there are clear text newspapers confirms my hypothesis,” Lee told Wired. “The fact that the archive server was so trivial for someone to hack, and that the TM signal had such an incredible lack of basic security was worse than what I expected.”
Telemessage is an Israeli company which ended its acquisition last year by the archiving of digital communications based in the United States Smarsh. Telemessage is a federal entrepreneur, but the consumption applications he offers are not approved for use within the framework of the Federal Risk Management and Authorization of the US Government, or Fedramp.
Smarsh did not return Wired’s requests for comments on Lee’s conclusions. The company said on Monday: “Telemessage survey a potential security incident. During the detection, we acted quickly to contain it and initiate an external cybersecurity company to support our investigation. ”
Lee’s conclusions are probably important to all Telemessage users, but are of particular importance since the TM signal was used by the now formidable national security advisor by President Donald Trump, Mike Waltz. He was photographed last week using the service at a meeting of the cabinet, and the photo seemed to show that he was communicating with other senior officials, including vice-president JD Vance, American director of national intelligence Tulsi Gabbard, and what seems to be the American secretary of state Marco Rubio. The TM signal is compatible with the signal and would exhibit messages sent in a conversation with someone using the TM signal, that all participants use it or that some use the authentic signal application.
Lee noted that the TM signal is designed to record signal communication data in a local database on the user’s device, then send it to an archive server for long -term retention. The messages, he says, are sent directly to the archive server, apparently in the form of cat newspapers in clear text in the cases examined by Lee. The realization of the analysis, he says, “confirmed that the archive server has access to cat newspapers in clear text.”
Data from the telemessage archive server in hacking included chat newspapers, user names and clear text passwords, and even private encryption keys.
In a letter Tuesday, American senator Ron Wyden called on the Ministry of Justice to investigate Telemessage, alleging that it is “a serious threat to the national security of the United States”.
“Government agencies that adopted Archive Telemessage have chosen the worst option,” wrote Wyden. “They gave their users something that looks like and feels a signal, the most reliable secure communication application.
