Hacker exploits TeleMessage vulnerability – cybersecurity in the spotlight

A vulnerability in TeleMessage was reportedly exploited to extract archived messages and other data relating to US government officials and companies.

TeleMessage, a company providing a messaging and archiving app called TM SGNL – used by now-ousted national security adviser Michael Waltz to archive his group chats – has suspended all services after hackers claimed to have stolen files from it.

The app uses encryption technology similar to that of the popular messaging service Signal, but it also offers government agencies and companies a way to back up copies of their chats for recordkeeping compliance purposes.

TeleMessage was founded in Israel in 1999, offers various other apps and services in addition to TM SGNL, and was acquired by the digital communications archiving company Smarsh last year.

“TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation,” a Smarsh spokesperson told WIRED in a statement. “Out of an abundance of caution, all TeleMessage services have been temporarily suspended. All other Smarsh products and services remain fully operational.”

Cybersecurity and encryption

Waltz’s use of the app emerged last week after a photo taken by Reuters showed him holding a phone with the PIN verification popup “TM SGNL” appearing on his screen; TM SGNL refers to the TeleMessage app.

Details are also emerging about what went wrong with the technology and how a hacker gained access to the instant-messaging app’s chat logs.

The folks at 404 Media (staffed by former Vice reporters) reported that a hacker gained access to the instant-messaging app’s chat logs, which were somehow stored unprotected. In other words, TeleMessage’s version of Signal may have decrypted messages for archiving without re-encrypting them before storage.

That missing step, re-encrypting the archived chat logs between the modified version of Signal that TeleMessage offers and the ultimate location where it stores the messages, is what the author of the report refers to under the heading of end-to-end encryption.
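To make the failure mode concrete, here is an added example (not TeleMessage’s or Signal’s code, and the record layout, key handling and names are all assumptions for illustration). It contrasts an archive path that writes the decrypted message as-is with one that re-encrypts each record under a separate archive key using AES-256-GCM before storage, binding the sender name as authenticated data, and includes the check an auditor would run over a stored record: does the payload still contain the original message bytes?

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ArchivedMessage is one record as it would sit in the archive store.
// This is a constructed layout for the example, not any vendor's schema.
type ArchivedMessage struct {
	Sender  string
	Nonce   []byte // empty when the record was stored in plaintext
	Payload []byte // either cleartext or AES-GCM ciphertext plus tag
}

// archivePlaintext mirrors the failure mode described in the article: the
// client decrypts the Signal message and hands the cleartext straight to the
// archive. Anyone who can read the store can read the message.
func archivePlaintext(sender string, cleartext []byte) ArchivedMessage {
	return ArchivedMessage{Sender: sender, Payload: cleartext}
}

// newGCM builds an AES-GCM instance for a 32-byte archive key.
func newGCM(archiveKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(archiveKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// archiveEncrypted re-encrypts the cleartext under the archive key before it
// is written to storage. A fresh random nonce is used per record, and the
// sender is bound as additional authenticated data so a stored record cannot
// be silently re-attributed to someone else.
func archiveEncrypted(archiveKey []byte, sender string, cleartext []byte) (ArchivedMessage, error) {
	gcm, err := newGCM(archiveKey)
	if err != nil {
		return ArchivedMessage{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return ArchivedMessage{}, err
	}
	sealed := gcm.Seal(nil, nonce, cleartext, []byte(sender))
	return ArchivedMessage{Sender: sender, Nonce: nonce, Payload: sealed}, nil
}

// openArchived recovers the cleartext for an authorised reader who holds the
// archive key. It fails if the payload, nonce or sender was modified.
func openArchived(archiveKey []byte, m ArchivedMessage) ([]byte, error) {
	gcm, err := newGCM(archiveKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Payload, []byte(m.Sender))
}

// exposesCleartext is the audit check: a stored record that still contains
// the original message bytes is readable by whoever reaches the store.
func exposesCleartext(m ArchivedMessage, cleartext []byte) bool {
	return bytes.Contains(m.Payload, cleartext)
}

func main() {
	// Constructed sample input; in a real deployment the archive key would
	// come from a KMS or HSM, never from the same store as the records.
	archiveKey := make([]byte, 32)
	if _, err := rand.Read(archiveKey); err != nil {
		panic(err)
	}
	msg := []byte("constructed sample: meeting moved to 09:00")

	plain := archivePlaintext("alice", msg)
	fmt.Println("plaintext archive exposes message:", exposesCleartext(plain, msg))

	enc, err := archiveEncrypted(archiveKey, "alice", msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("encrypted archive exposes message:", exposesCleartext(enc, msg))

	got, err := openArchived(archiveKey, enc)
	fmt.Printf("authorised read: %q (err=%v)\n", got, err)
}
```

Re-encrypting at the archive boundary restores encryption at rest, so a compromise of the store alone yields ciphertext; it is still not end-to-end in Signal’s sense, because whoever holds the archive key can read the records, which is why that key must live in a separate key-management system and its use should be logged and reviewed.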

The messages of cabinet members and Waltz were not compromised, but the hacked data “contained contents of messages; contact information of government officials; back-end login credentials for TeleMessage; and more,” 404 Media said. “Data pertaining to the US Customs and Border Protection, crypto exchange Coinbase, and financial service providers like Scotiabank were extracted by the hacker,” their report added.

A Coinbase spokesperson told TechCrunch the company is “closely following these reports and assessing their impact on Coinbase. At this time, there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts.”

Senator Wyden seeks DOJ investigation

Senator Ron Wyden (D-OR) just authored and submitted a letter to Attorney General Pam Bondi, requesting that the Department of Justice (DOJ) “investigate the serious threat to US national security posed by TeleMessage, a federal contractor that sold dangerously insecure communications software to the White House and other federal agencies.”

In the letter, Wyden describes end-to-end encryption as the gold standard in encryption, “because user communications remain secure even if a service provider’s server is hacked,” and he emphasizes how much more seriously the vetting of the app’s security features should have been taken, given the highly sensitive information being transmitted over it and the fact that TeleMessage is, according to the Senator, a “foreign company.”

He says: “TeleMessage’s dangerously insecure design should have been discovered long before the company’s app was installed on the phone of the President’s national security adviser and, presumably, other senior White House officials.”

Wyden then urges the DOJ to investigate whether TeleMessage violated the False Claims Act by selling insecure products to the federal government.

And he asks for an investigation into the counterintelligence threat posed by TeleMessage, to determine the extent to which foreign employees of the company have access to the messages of government users, whether the company has shared US government communications with the Israeli government, and whether the Israeli government played any role in the product’s dangerous design.

Background

The apparent hack occurred while the Defense Department’s acting Inspector General, Steve Stebbins, was conducting an evaluation of the use of Signal by Department of Defense personnel, including Defense Secretary Pete Hegseth.

The review appears to include messages in which sensitive information regarding imminent strikes against Houthi rebels in Yemen was mistakenly shared with a journalist from The Atlantic in late March, as well as messages between Hegseth and his family in April that included similar military information.

The review is meant to address the security issues surrounding the use of Signal for such sensitive communications.

Author’s Note: The events described above represent an unfolding situation and ongoing investigation into the facts and circumstances of this matter. Also, please note that GRIP is owned by Global Relay, a leading provider in the digital communications and archiving technology arena.