The Trump administration is the victim of a serious privacy breach. As reported by our colleagues at 404media, the messaging service used by several members of the White House has been hacked.
A controversial photo of TeleMessage
Last week, a photo taken by Reuters revealed that Mike Waltz, Donald Trump's national security advisor, was using TeleMessage, an unofficial version of the Signal app, to communicate with senior officials. The photo shows prominent members of the government, such as Vice President J.D. Vance, also using the messaging service.
TeleMessage is offered by an Israeli company that develops modified and unofficial versions of popular messaging apps, such as Telegram, WhatsApp, WeChat, and Signal. Obviously, these cloned apps don't offer the same security as the official versions. Messages and communications are stored on servers.
This is TeleMessage's flagship feature. The company prides itself on archiving all of its users' communications, particularly in sensitive sectors such as finance, healthcare, and telecommunications, generally for compliance, transparency, and monitoring purposes. TeleMessage assures that its service does not compromise Signal's security and that end-to-end encryption remains intact. According to the Israeli company, the only difference is that its version of Signal automatically saves all messages sent and received on servers.
A lightning cyberattack against TeleMessage
Shortly after the outcry caused by this photo, a hacker reported having managed to hack TeleMessage's servers. Interviewed by 404media, the hacker explained that the operation took no more than 20 minutes. Without much effort, the hacker got his hands on excerpts from conversations and contact information for American officials and politicians.
Even more worrying, he obtained login credentials, which opens the door to all sorts of abuse. Data relating to employees of the US Customs Service and the Washington police were also compromised. This is also the case for information concerning employees of private companies, such as the cryptocurrency exchange Coinbase. This leak suggests that TeleMessage has not actually adopted Signal's encryption protocol. This is why information may have been exfiltrated.
Good news for those affected: the hacker has no intention of disclosing the compromised data. He simply wanted to determine whether the Israeli company was adequately protecting its users' conversations.
Following the hacker's intrusion, TeleMessage confirmed that it was the victim of a "potential security incident". In a statement sent to Bleeping Computer, the firm added that "all TeleMessage services have been temporarily suspended", out of "an abundance of caution". For its part, a Signal spokesperson reiterated that "we cannot guarantee the privacy or security properties of unofficial versions of Signal".
Note that Signal allows other companies to use some of its technology, such as its encryption protocol, under certain conditions. This protocol is also used within WhatsApp and iMessage. Signal never gave TeleMessage permission to use its protocol, however. Signal became aware of TeleMessage's existence when a photo of Mike Waltz made headlines...
Trump fires his national security adviser
In the wake of this affair, Mike Waltz was forced out. The former national security adviser had already been the target of criticism because he used Signal to exchange highly sensitive military information with several of Donald Trump's close associates, such as J.D. Vance and CIA Director John Ratcliffe.
He accidentally added Jeffrey Goldberg, editor-in-chief of The Atlantic magazine, to the conversation. The journalist was thus able to consult the precise timings of upcoming US airstrikes on the Houthi rebels in Yemen. Waltz also used his personal Gmail address to exchange messages related to his work. Other similar errors ultimately forced Donald Trump to fire Mike Waltz. The president simply assured that "Mike Waltz worked hard to put our nation's interests first," from "the battlefield in uniform, to his role as national security adviser, to Congress.".
Source: 404media
0 Comments