07. May 2025
Telemessage Under Fire As Private Video Reveals Shocking Security Secrets
The controversy surrounding TeleMessage, the company behind the modified messaging app used by the Trump administration, has taken a significant turn. The company made a video private on its YouTube channel that explained how its Signal message archiving tool worked, and how it is able to copy messages securely. However, after 404 Media revealed that a hacker had targeted TeleMessage, the video was made public in order to preserve the company’s claims about the security and functioning of its Signal archiving product.
Senator Ron Wyden has demanded a Department of Justice investigation into the TeleMessage episode, including the national security risk the app poses. In his letter demanding the investigation, Wyden also points to TeleMessage’s marketing material which claims messages are protected with end-to-end encryption, a claim that both the hack and a subsequent technical analysis refute.
The video in question claimed that TeleMessage’s app keeps “intact the Signal security and end-to-end encryption when communicating with other Signal users.” However, judging by the fact that the hacker was able to obtain plaintext Signal messages, this statement is not true. The video also said that “The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes.” This claim is also false, as a technical analysis revealed that TM Signal’s archiving feature fundamentally undermines Signal’s flagship security guarantees.
A journalist and security researcher, Micah Lee, conducted a detailed analysis of TM Signal’s Android source code to assess the app’s design and security. His findings suggest that TM Signal is not end-to-end encrypted and that the company could access the contents of users’ chats. The archive server used by TeleMessage appears to send messages between the app and a user’s message archive without end-to-end encryption, making users’ communications accessible to TeleMessage.
Lee’s analysis confirms his previous findings about the hack of TM Signal over the weekend, which revealed some user messages and other data—a clear sign that at least some data was being sent unencrypted, or as plaintext, at least some of the time within the service. This alone would seem to contradict TeleMessage’s marketing claims that TM Signal offers “End-to-End encryption from the mobile phone through to the corporate archive.”
“The fact that there are plaintext logs confirms my hypothesis,” Lee says. “The fact that the archive server was so trivial for someone to hack, and that TM Signal had such an incredible lack of basic security, that was worse than I expected.” This highlights the significant security flaws in TeleMessage’s app, which could have serious implications for users who rely on it.
TeleMessage is an Israeli company that completed its acquisition last year by the US-based digital communications archiving company Smarsh. The company is a federal contractor, but the consumer apps it offers are not approved for use under the US government’s Federal Risk and Authorization Management Program, or FedRAMP.
Smarsh did not return requests for comment about Lee’s findings. However, the company said on Monday, “TeleMessage is investigating a potential security incident. Upon detection, we acted quickly to contain it and engaged an external cybersecurity firm to support our investigation.”
Lee’s findings are likely significant for all TeleMessage users but have particular significance given that TM Signal was used by President Donald Trump’s now-former national security adviser Mike Waltz. He was photographed last week using the service during a cabinet meeting, and the photo appeared to show that he was communicating with other high-ranking officials, including Vice President JD Vance, US Director of National Intelligence Tulsi Gabbard, and what appears to be US Secretary of State Marco Rubio.
TM Signal is compatible with Signal and would expose messages sent in a chat with someone using TM Signal, whether all participants are using it or some are using the genuine Signal app. This raises serious questions about the security of the Trump administration’s communication networks and the potential risks posed by TeleMessage’s app.
The incident has also sparked concerns about the lack of transparency and accountability from TeleMessage. The company’s marketing material claims that messages are protected with end-to-end encryption, but this claim is refuted by both the hack and a subsequent technical analysis. This highlights the need for greater scrutiny and oversight of companies like TeleMessage, which have access to sensitive government data.
US senator Ron Wyden called for the Department of Justice to investigate TeleMessage, alleging that it is “a serious threat to US national security.” Wyden wrote, “The government agencies that have adopted TeleMessage Archiver have chosen the worst possible option. They have given their users something that looks and feels like Signal, the most widely trusted secure communications app. But instead, senior government officials have been provided with a shoddy Signal knockoff that poses a number of serious security and counterintelligence threats.”
The security threat posed by TeleMessage Archiver is not theoretical; it has already been demonstrated in practice. The hack of TM Signal revealed that some user messages and other data were being sent unencrypted, or as plaintext, at least some of the time within the service. This raises significant concerns about the potential risks posed by TeleMessage’s app to national security.
In conclusion, the controversy surrounding TeleMessage and its signal archiving app highlights the need for greater scrutiny and accountability from companies that have access to sensitive government data. The incident also underscores the importance of end-to-end encryption in secure communication apps and the need for greater transparency and oversight of companies like TeleMessage.