An encrypted messaging application, TeleMessage, which gained prominence during the Trump administration, has temporarily halted its services following a significant security breach. The platform, known for archiving messages from applications like Signal, drew attention last week when it was utilized by the recently dismissed national security adviser, Mike Waltz, during a Cabinet meeting. A leaked image of Waltz’s TeleMessage inbox revealed conversations with notable figures including Vice President JD Vance, Secretary of State Marco Rubio, and National Intelligence Director Tulsi Gabbard.
Security Incident Under Investigation
A spokesperson for TeleMessage confirmed the security incident, stating, “TeleMessage is investigating a recent security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation. Out of an abundance of caution, all TeleMessage services have been temporarily suspended.”
The breach was first reported by 404 Media, which verified screenshots and information directly from the hacker involved. While the hacker did not access messages exchanged among Cabinet members, they managed to infiltrate data from Customs and Border Protection, cryptocurrency firm Coinbase, and various financial institutions, including Scotiabank. This incident underscores the inherent risks associated with integrating archiving features into secure, end-to-end encrypted messaging platforms like Signal.
The hacker commented on the ease of the breach, stating, “I would say the whole process took about 15-20 minutes. It wasn’t much effort at all. If I could have found this in less than 30 minutes, then anybody else could too. And who knows how long it’s been vulnerable?”
A spokesperson for Signal responded to the incident, emphasizing that the organization “cannot guarantee the privacy or security properties of unofficial versions of Signal.”
TeleMessage, an Israeli-founded platform, was acquired by U.S. company Smarsh last year. Smarsh promotes the service as a means for both public and private sector clients to archive mobile communications and voice data, making them searchable and readily available for audits and investigations. An archived version of the TeleMessage website, which was removed earlier this month, claimed to “capture & record Signal calls, messages, deletions, including text, multimedia, files.”
The controversy surrounding Signal intensified in March when The Atlantic editor-in-chief Jeffrey Goldberg revealed that Waltz inadvertently added him to a group chat of high-profile national security officials discussing a military operation in Yemen. Following this incident, Waltz was removed from his position as national security adviser, although President Trump indicated plans to nominate him as U.S. ambassador to the United Nations.
The White House has consistently defended the use of Signal by top officials, asserting its approval for government communications. However, in a recent interview with Goldberg, Trump expressed a different perspective, stating, “I think we learned: Maybe don’t use Signal, okay? If you want to know the truth. I would frankly tell these people not to use Signal, although it’s been used by a lot of people. But, whatever it is, whoever has it, whoever owns it, I wouldn’t want to use it.”
