TeleMessage, used by Trump officials, can access plaintext chat logs
a year ago
- #Encryption
- #Signal
- #TeleMessage
- TeleMessage's TM SGNL app, a modified version of Signal used by senior Trump officials, can access plaintext chat logs despite claims of end-to-end encryption.
- The app archives every message to TeleMessage's server, breaking Signal's encryption model, and sends plaintext logs to a server hosted on AWS.
- TeleMessage is an Israeli company founded by a former IDF intelligence officer, raising concerns about potential access by Israeli intelligence.
- Analysis of TM SGNL's Android source code reveals it stores messages in a SQLite database and syncs them to TeleMessage's archive server in plaintext.
- A hack of TeleMessage's archive server confirmed the presence of plaintext Signal, Telegram, and WhatsApp messages, along with private key material.
- The archive server was vulnerable, allowing unauthorized access to sensitive data, including chat logs from government officials.
- Senator Ron Wyden has called for a DOJ investigation into TeleMessage, citing national security risks due to its insecure software.