The ​messaging application TeleMessage signal,utilized‌ by at ⁤least one prominent official from the trump governance for message archiving,has reportedly encountered security breaches⁣ that highlight significant vulnerabilities. This has led its parent company to suspend services temporarily while an investigation⁣ is​ underway. Recent findings from journalist and cybersecurity expert Micah Lee ‍indicate that TM Signal’s archiving capabilities may fundamentally ‌compromise the⁣ app’s core⁤ security promises. Specifically, it appears that⁢ messages are transmitted between the app and a user’s archive without end-to-end encryption, rendering users’ communications accessible to TeleMessage.

Lee undertook a extensive ‌analysis of TM Signal’s Android source code to evaluate its design and security features. In partnership with 404 ​Media, he‌ had previously reported on ⁤a hack involving TM Signal over the weekend, which exposed‍ user messages⁣ and other sensitive information—suggesting that some data⁣ was being transmitted unencrypted or in plaintext at ‍times within the​ service.This ⁢revelation contradicts TeleMessage’s marketing claims asserting that TM Signal provides “End-to-End encryption from​ mobile⁢ device to corporate ⁣archive.” ⁢According to Lee’s latest findings, though, it is indeed evident that TM Signal ⁣lacks true end-to-end encryption and allows the company access to users’ chat content.

“The existence of plaintext logs validates my concerns,” Lee stated in an ⁣interview with ‌WIRED. “The ease with which someone ⁢could breach the archive server ‌and TM Signal’s glaring lack of‍ overall security was more alarming than I anticipated.”

TeleMessage is an Israeli company that‍ acquired US-based digital communications archiving firm Smarsh last year. Although TeleMessage ‍operates as ​a federal contractor, its consumer applications are not authorized for ⁢use under the‌ Federal Risk and Authorization Management Program (FedRAMP) established​ by the US government.

Smarsh did⁤ not respond to WIRED’s inquiries regarding Lee’s discoveries but acknowledged on Monday: “TeleMessage⁢ is investigating what appears to be a ⁣security incident. Upon detection of this issue,we acted swiftly to contain it and have engaged an external cybersecurity firm for further investigation.”

The implications of Lee’s⁤ findings are significant for all customers using TeleMessage but hold⁢ particular weight given that TM Signal was used by former National Security Adviser Mike Waltz during his tenure under President Donald Trump. He was⁣ photographed last week using this ‍service during a cabinet ‍meeting alongside other high-ranking officials⁤ such ⁣as ‍Vice‌ President JD Vance, Director of National Intelligence Tulsi Gabbard, and Secretary of ​State‍ Marco Rubio. The functionality of TM Signal closely resembles that of genuine Signal; thus messages exchanged in chats involving any user utilizing either platform can ​be accessed irrespective if all participants are ‌using only⁣ one or both apps.

Lee discovered that TM Signal stores conversation records locally on users’ devices before‍ transmitting them ‍directly to an archive server for ⁢long-term storage—ofen as plaintext chat logs based on his examinations conducted during research sessions. His analysis confirmed‌ access ​by the archive server to these unencrypted chat logs.

The​ data extracted from⁤ TeleMessage’s⁤ compromised archive included chat histories along with usernames and plaintext passwords—alongside personal encryption keys.

A letter⁣ issued on Tuesday by ⁢US‌ Senator Ron‍ Wyden urged the Department of Justice (DOJ) to ‌investigate TeleMessage due to​ concerns about national security risks ⁣associated with their services: “This poses a serious threat,” he​ asserted.

“Government agencies employing TeleMessage Archiver have​ made one of their worst possible‌ choices,” Wyden remarked further in⁣ his statement. “They’ve provided their personnel something resembling trusted interaction tools like those ⁢offered by Signaling apps; however they’ve instead equipped⁣ senior officials with subpar alternatives posing numerous severe risks related both directly towards national safety as well counterintelligence operations.” The dangers posed⁢ by using telemessage ⁢Archiver should not be underestimated.”