TeleMessage, a messaging application employed by former U.S. National Security Adviser Mike Waltz, has suspended its services following a cyberattack that compromised sensitive government and corporate data. The breach has intensified scrutiny over the use of unofficial communication tools within high-level government operations.
The application, known as TM Signal, is a modified version of the open-source Signal platform, developed by Israeli company TeleMessage and later acquired by U.S.-based Smarsh. Unlike the original Signal app, TM Signal includes an archiving feature that stores messages in plaintext, rendering them accessible to TeleMessage and, as the breach revealed, to unauthorized parties. This design choice undermines the end-to-end encryption that Signal is known for, raising significant security concerns.
The cyberattack reportedly allowed hackers to access TM Signal’s backend infrastructure within minutes, exposing unencrypted chat logs, usernames, passwords, and encryption keys. The compromised data includes communications from various government agencies and corporations, though it remains unclear whether classified information was among the leaked content. The incident has prompted TeleMessage to suspend its services and initiate an investigation with the assistance of an external cybersecurity firm.
The breach has drawn attention to the use of TM Signal by senior government officials, including Waltz, who was photographed using the app during Cabinet meetings. The application’s resemblance to the official Signal app has been criticized as misleading, potentially giving users a false sense of security. Security experts have pointed out that TM Signal is not authorized under the U.S. government’s Federal Risk and Authorization Management Program , which sets standards for secure cloud services.
The incident follows a previous controversy involving Waltz, who inadvertently added a journalist to a Signal group chat discussing U.S. military operations in Yemen. The group included high-ranking officials such as Vice President JD Vance and Secretary of State Marco Rubio. The leak of this conversation raised alarms about the handling of sensitive information and led to calls for Waltz’s resignation.
In response to the breach, Senator Ron Wyden has called for a Department of Justice investigation into TeleMessage, citing national security risks associated with the app’s vulnerabilities. The senator emphasized the need for transparency and accountability in the use of communication tools by government officials.
The White House has defended the use of Signal for official communications, stating that it is an authorized application installed on government-issued devices. However, the use of modified versions like TM Signal has raised questions about compliance with security protocols and the potential for unauthorized data access.
The breach has also highlighted the broader issue of digital hygiene among government personnel. The use of unofficial or altered communication applications can introduce vulnerabilities that compromise the confidentiality and integrity of sensitive information. Experts have stressed the importance of adhering to approved communication platforms that meet established security standards.
