CyberSecurity news
FlagThis
Pierluigi Paganini@Security Affairs
//
A hacker has successfully breached TeleMessage, an Israeli company that provides modified versions of secure messaging apps such as Signal, WhatsApp and Telegram to the U.S. government. The breach resulted in the exfiltration of sensitive data, including archived messages from these modified apps. TeleMessage has suspended all services and is currently investigating the incident. The breach highlights the vulnerabilities associated with modifying secure messaging applications, especially concerning the preservation of end-to-end encryption.
The compromised data includes the contents of direct messages and group chats, as well as contact information for government officials. 404 Media reported that the hack exposed data related to U.S. Customs and Border Protection (CBP), the cryptocurrency exchange Coinbase, and several other financial institutions. The hacker claimed the entire process of accessing TeleMessage’s systems took only 15-20 minutes, underscoring the ease with which the security was circumvented. Despite the breach, there are reports that messages from top US government officials and cabinet members were not compromised.
TeleMessage, which was recently in the spotlight after former U.S. National Security Advisor Mike Waltz was seen using their modified version of Signal, offers archiving services for messages. However, the hack revealed that the archived chat logs were not end-to-end encrypted between the modified app and the ultimate archive destination controlled by the TeleMessage customer. Smarsh, the parent company of TeleMessage, has engaged an external cybersecurity firm to support the investigation and has temporarily suspended all TeleMessage services as a precaution. A Coinbase spokesperson stated that the company is closely monitoring the situation, but has not found any evidence of sensitive customer information being accessed or accounts being at risk.
ImgSrc: securityaffairs
References :
The compromised data includes the contents of direct messages and group chats, as well as contact information for government officials. 404 Media reported that the hack exposed data related to U.S. Customs and Border Protection (CBP), the cryptocurrency exchange Coinbase, and several other financial institutions. The hacker claimed the entire process of accessing TeleMessage’s systems took only 15-20 minutes, underscoring the ease with which the security was circumvented. Despite the breach, there are reports that messages from top US government officials and cabinet members were not compromised.
TeleMessage, which was recently in the spotlight after former U.S. National Security Advisor Mike Waltz was seen using their modified version of Signal, offers archiving services for messages. However, the hack revealed that the archived chat logs were not end-to-end encrypted between the modified app and the ultimate archive destination controlled by the TeleMessage customer. Smarsh, the parent company of TeleMessage, has engaged an external cybersecurity firm to support the investigation and has temporarily suspended all TeleMessage services as a precaution. A Coinbase spokesperson stated that the company is closely monitoring the situation, but has not found any evidence of sensitive customer information being accessed or accounts being at risk.
ImgSrc: securityaffairs
Share:
References :
- securityaffairs.com: SecurityAffairs: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
- Talkback Resources: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov [app]
- www.techradar.com: TeleMessage, the Signal-esque app used by the Trump administration, has been hacked
- www.metacurity.com: A hacker stole content from the Telemessage system used by the US government
- TechCrunch: TeleMessage, a modified Signal clone used by US govt. officials, has been hacked
- The DefendOps Diaries: TeleMessage Breach: Unveiling the Risks of Modified Secure Messaging Apps
- techcrunch.com: TeleMessage, a modified Signal clone used by US government officials, has been hacked
- Risky Business Media: Trump admin’s Signal clone gets hacked, messages exposed
- The Register - Security: Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess
- siliconangle.com: The security of U.S. government officials’ communications has come under the spotlight again after a modified Signal app used to archive data from third-party messaging apps was hacked in less than 30 minutes.
- WIRED: Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
- CyberInsider: Signal Clone App Used by Trump Officials Breached in Minutes
- Metacurity: Criminal scam network run by Darcula exposed by journalists, DragonForce takes credit for Co-op attack, NoName attacked Romanian gov't websites on election day, US indicts Black Kingdom ransomware dev, Trump wants to slash nearly $500m from CISA, Qilin claims Cobb Co. attack, much more
- arstechnica.com: TeleMessage, a company that provides modified versions of Signal for message archiving, has suspended its services after a reported hack, exposing communications from U.S. government officials.
- hackread.com: TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…
- www.404media.co: A hacker has exploited a vulnerability in TeleMessage, a company that provides modified versions of encrypted messaging apps, to extract archived messages and data related to U.S. government officials and companies that used the service, according to a report by 404 Media.
- www.csoonline.com: The Israeli company behind the obscure messaging app former US national security advisor Mike Waltz was photographed using on his iPhone last week was recently hacked, it has been alleged.
- Metacurity: You ask yourself how the Trump administration's insane messing around with the Signal app and its clones could get any worse, and then the universe tells you how. The Signal Clone the Trump Admin Uses Was Hacked
- Dropsafe: US Gov’t Signal-clone with backdoor for message retention, hacked, messages leaked | …I really hope #Ofcom are watching re: the impact of proposed client side scanning
- BleepingComputer: Unofficial Signal app used by Trump officials investigates hack
- arstechnica.com: Signal clone used by Trump official stops operations after report it was hacked
- securityaffairs.com: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
- go.theregister.com: Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess
- iHLS: Israeli Encrypted Messaging Archiving Platform Used by U.S. Officials Compromised in Cyberattack
- www.insicurezzadigitale.com: Clonazione di Signal: sospesa dopo hacking un’app utilizzata da un ex funzionario dell’amministrazione Trump
- bsky.app: TeleMessage, the Signal clone used by US government officials, suffers hack
- Privacy ? Graham Cluley: TeleMessage, the Signal clone used by US government officials, suffers hack
- WIRED: The Signal clone Mike Waltz Was Caught Using Has Direct Access to User Chats
- www.wired.com: Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
- WIRED: Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage
- Metacurity: TeleMessage suspends service following reported hack
Classification:
- HashTags: #DataBreach #TeleMessage #Signal
- Company: TeleMessage
- Target: TeleMessage, U.S. Government
- Product: TeleMessage
- Feature: Data Theft
- Type: DataBreach
- Severity: Medium