Trump Government's Signal Clone Has Been Hacked

Archived messages lacked encryption.

TeleMessage, a modified version of Signal that the US government uses and that archives messages, has been hacked.

It’s been a bad year for U.S. cybersecurity, and it looks like it’s getting worse.

A hacker has allegedly breached TeleMessage, an Israeli firm that markets modified versions of messaging apps – including Signal, WhatsApp, Telegram and WeChat – to the US government.

These modified apps, unlike their public counterparts, archive messages in line with legal requirements about government communications.

It is not clear, however, how those archived messages are protected; based on the hack, it appears the archived chat logs are not re-encrypted after being copied from the original app.

According to 404 Media, the attacker broke into TeleMessage and stole the contents of direct messages and group chats.

Although the hacker does not appear to have obtained cabinet members’ messages, screenshots of the stolen data seen by 404 Media show messages related to US Customs and Border Protection.

There are also messages about crypto firm Coinbase and other financial companies, which relate to the USA’s cryptocurrency bill.

That means the attacker was able to access live messaging about ongoing governmental work.

As well as message content, the data also includes names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.

The hacker said breaking into TeleMessage “wasn’t much effort at all,” and only took “15-20 minutes.”

The attack comes soon after Mike Waltz, Trump’s just-replaced national security adviser, accidentally revealed TeleMessage’s existence in a cabinet meeting – and only a few weeks after Waltz and other government officials were tied to a security breach involving Signal.

TeleMessage, which despite being based in Israel is owned by U.S.-based Smarsh, said, “all TeleMessage services have been temporarily suspended.”

This article originally appeared on our sister site Computing.