The Trump Administration Switched to a Sketchy Signal Clone and It Got Hacked, Leaking Messages
The clone of the messaging app Signal, which was being used by since-ousted national security advisor Mike Waltz during a recent cabinet meeting, has been hacked. As 404 Media reports, the hacker easily exploited major security vulnerabilities in the obscure app, demonstrating that archived chat logs aren't end-to-end encrypted. The app in question, a modified version of Signal, which Israeli company TeleMessage sells to the US government to archive messages, was spotted in Reuters photographs of Waltz, taken during a cabinet meeting with president Donald Trump last week. Waltz was ousted from his national security advisor role on May 1, […]
A clone of the messaging app Signal, which was being used by since-ousted national security advisor Mike Waltz during a recent cabinet meeting, has been hacked.
As 404 Media reports, the hacker easily exploited major security vulnerabilities in the obscure app, obtaining the contents of certain direct messages and groupchats, and demonstrating that archived chat logs aren't end-to-end encrypted.
The app in question, which Israeli company TeleMessage sells to the US government to archive messages, was spotted in Reuters photographs of Waltz's smartphone, taken during a cabinet meeting with president Donald Trump last week.
According to the photographs, Waltz was using the app to chat with secretary of state Marco Rubio, vice president JD Vance, and director of national intelligence Tulsi Gabbard.
The latest news highlights enormous gaps in the Trump administration's cybersecurity measures. Experts have warned that sensitive data could quickly land in the wrong hands, making apps like Signal and TeleMessage obvious — and apparently easy — targets for foreign adversary hacking groups.
Waltz was ousted from his national security advisor role on May 1, alongside his deputy Alex Wong. While it's unclear what the exact reasoning was for the demotion, inside sources told The Guardian last week that the president had briefly considered firing Waltz after he accidentally added The Atlantic editor Jeffrey Goldberg to a Signal group chat that contained discussions about war plans in Yemen.
Given the latest news, the situation could be even worse than we thought. Not only was Waltz previously using an unmodified version of Signal to discuss highly sensitive information — a major deviation from Department of Defense protocol — but the Signal knockoff he was spotted using is incredibly vulnerable to hacking as well.
As 404 reports, the hacker was unable to obtain messages between Waltz and his accomplices. However, they did access to data related to the Customs and Border Protection (CBP) agency, the crypto exchange Coinbase, and other financial institutions.
The data included names and contacts of government officials, as well as usernames and passwords for the app's backend.
"I would say the whole process took about 15-20 minutes," the hacker told the publication. "It wasn’t much effort at all."
"If I could have found this in less than 30 minutes then anybody else could too," they added. "And who knows how long it’s been vulnerable?"
Meanwhile, the White House has maintained that Signal is on the approved list of apps that can be used by government officials.
However, deputy press secretary Anna Kelly failed to field NBC News' question about the use of TeleMessage last week.
More on Signal gate: The White House Said No Classified Material Was Shared in the Group Chat. Then the Rest of It Leaked
The post The Trump Administration Switched to a Sketchy Signal Clone and It Got Hacked, Leaking Messages appeared first on Futurism.
