The communication app TeleMessage Signal, used by at least one top Trump administration official to archive messages, has already reportedly suffered breaches that illustrate concerning security flaws and resulted in its parent company imposing a service pause this week pending investigation. Now, according to detailed new findings from the journalist and security researcher Micah Lee, TM Signal’s archiving feature appears to fundamentally undermine Signal’s flagship security guarantees, sending messages between the app and a user’s message archive without end-to-end encryption, thus making users’ communications accessible to TeleMessage.
Lee conducted a detailed analysis of TM Signal’s Android source code to assess the app’s design and security. In collaboration with 404 Media, he had previously reported on a hack of TM Signal over the weekend, which revealed some user messages and other data—a clear sign that at least some data was being sent unencrypted, or as plaintext, at least some of the time within the service. This alone would seem to contradict TeleMessage’s marketing claims that TM Signal offers “End-to-End encryption from the mobile phone through to the corporate archive.” But Lee says that his latest findings show that TM Signal is not end-to-end encrypted and that the company could access the contents of users’ chats.
“The fact that there are plaintext logs confirms my hypothesis,” Lee tells WIRED. “The fact that the archive server was so trivial for someone to hack, and that TM Signal had such an incredible lack of basic security, that was worse than I expected.”
TeleMessage is an Israeli company that completed its acquisition last year by the US-based digital communications archiving company Smarsh. TeleMessage is a federal contractor, but the consumer apps it offers are not approved for use under the US government’s Federal Risk and Authorization Management Program, or FedRAMP.
Smarsh did not return WIRED’s requests for comment about Lee’s findings. The company said on Monday, “TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”
Lee’s findings are likely significant for all TeleMessage users but have particular significance given that TM Signal was used by President Donald Trump’s now-former national security adviser Mike Waltz. He was photographed last week using the service during a cabinet meeting, and the photo appeared to show that he was communicating with other high-ranking officials, including Vice President JD Vance, US Director of National Intelligence Tulsi Gabbard, and what appears to be US Secretary of State Marco Rubio. TM Signal is compatible with Signal and would expose messages sent in a chat with someone using TM Signal, whether all participants are using it or some are using the genuine Signal app.
Lee found that TM Signal is designed to save Signal communication data in a local database on a user’s device and then send this to an archive server for long-term retention. The messages, he says, are sent directly to the archive server, seemingly as plaintext chat logs in the cases examined by Lee. Conducting the analysis, he says, “confirmed the archive server has access to plaintext chat logs.”
Data taken from the TeleMessage archive server in the hack included chat logs, usernames and plaintext passwords, and even private encryption keys.
In a letter on Tuesday, US senator Ron Wyden called for the Department of Justice to investigate TeleMessage, alleging that it is “a serious threat to US national security.”
“The government agencies that have adopted TeleMessage Archiver have chosen the worst possible option,” Wyden wrote. “They have given their users something that looks and feels like Signal, the most widely trusted secure communications app. But instead, senior government officials have been provided with a shoddy Signal knockoff that poses a number of serious security and counterintelligence threats. The security threat posed by TeleMessage Archiver is not theoretical.”
