TeleMessage, the Signal clone used by US government officials, suffers hack

TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of "an abundance of caution" after a hacker reportedly gained access to US government communications.

TeleMessage entered the spotlight earlier this month after US National Security Advisor Mike Waltz was photographed attending a cabinet meeting held by President Trump at the White House. Close examination of the image revealed Waltz was using TeleMessage on his smartphone.

Waltz, you may recall, was the member of the Trump administration who inadvertently invited a reporter to a Signal chat where highly sensitive military action against the Houthis was being discussed, putting US service personnel at risk.

Many commentators at the time of the security snafu questioned why US officials were using Signal for government business in the first place, as it is not approved for sending classified information.

But now it appears that US officials decided to turn to TeleMessage, a little-known Israeli company, who provided a modified version of Signal for message archiving.

Hence the latest development - the exploitation of a vulnerability in TeleMessage to extract messages and other details from the app's users

404 Media reports that data stolen by the hacker includes chats sent not just using its Signal clone, but also its versions of WhatsApp, Telegram, and WeChat.

Although messages sent by members of the US cabinet via Telemessage were not included in the hacker's haul, breached data did include the contents of messages, contact details of government officials, and back-end login credentials for TeleMessage. In addition, data related to the cryptocurrency exchange Coinbase, financial service provider Scotiabank, and US Customs and Border Protection was also compromised.

All of which strongly suggests that TeleMessage is not properly enforcing end-to-end encryption in its archived chat logs.

TeleMessage, which is owned by Smarsh, says that it has suspended the app's operation while it investigates the security breach:

"Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation," the company said in a statement. "Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational."

Whatever the outcome of the investigation into the security breach, it is not likely to have much of an impact on Mike Waltz. He has no future as US National Security Advisor.

Last week it was reported that Waltz was leaving his post in the wake of his security breach with Signal, to become the nominee for United States Ambassador to the United Nations.