Signal clone Mike Waltz is now used to have direct access to user chat

Communication App Communication signals are used At least one Trump administration official To archive the message, it reportedly states that it has become its parent company, with a description of a security flaw. Implement a suspension of service I’m waiting for an investigation this week. Now according to Detailed new survey results From journalist and security researcher Mikary, TM Signal’s archive capabilities appear to fundamentally undermine the flagship security guarantee of signals, sending messages between the app and the user’s message archive without end-to-end encryption, allowing users’ communications to access telemetages.

Lee conducted a detailed analysis of the Android source code of TM signals to assess the design and security of the app. In collaboration with 404 media, he had Previously reported A TM signal hack revealed some user messages and other data over the weekend. This made it clear that at least some of the data is sent in some cases, at least as unencrypted or plain text. This alone seems to contradict Temessage’s marketing claims when TM signals provide “end-to-end encryption from mobile phones to corporate archives.” However, Lee says his latest findings show that the TM signal is end-to-end unencrypted and that the company has access to the content of the user’s chat.

“The fact that there are plain text logs confirms my hypothesis,” Lee tells Wired. “The fact that someone hacked an archive server was very trivial and the TM signal was very lacking in basic security was worse than I had expected.”

Telemessage is an Israeli company that was acquired last year by US-based digital communications archive company Smarsh. Telemessage is a federal contractor, but the consumer app it offers is Not approved For use under the US Government’s Federal Risk and Authorization Management Program, or FedRamp.

Smarsch did not return Wired’s request for comments about Lee’s discovery. “TeleMessage is investigating potential security incidents. Once detected, it acted promptly to contain them, and involved external cybersecurity companies to support the investigation,” the company said on Monday.

Lee’s findings are likely to be important to all telemedge users, but it is particularly important given the use of TM signals by President Donald Trump’s current national security advisor Mike Waltz. He was photographed using the service during a cabinet meeting last week, but the photos appeared to show him communicating with other senior officials, including Vice President J.D. Vance, director of US Intelligent Stalsi Gabbard, and US Secretary of State Secretary Marco Rubio. The TM signal is compatible with the signal and publishes messages sent in chat with someone using the TM signal, whether all participants are using it or some participants use the real signal app.

Lee discovered that TM signals are designed to store signal communication data in a local database on a user’s device and send it to an archive server for long-term retention. According to him, the messages are sent directly to the archive server. This is sent at first glance as a plain text chat log for cases investigated by Lee. We conducted an analysis and confirmed that the archive server has access to plain text chat logs.

Data obtained from the Telemessage archive server in the hack included chat logs, usernames, plain text passwords, and even private encryption keys.

in letter On Tuesday, U.S. Sen. Ron Wyden called on the Department of Justice to investigate the telemessage, claiming it was a “serious threat to US national security.”

“The government agencies that adopted the Telemessage Archiver chose the worst possible option,” Wyden writes. “They gave users what they felt and felt that looked like the signal, the most widely trusted and trusted secure communication app. But instead, government officials are offered tinsel imitations that pose a number of serious security and anti-intellectual threats.