The TeleMessage Hack: A Breach in Government Security
In a recent cyber attack, a hacker exploited a vulnerability in TeleMessage, a provider of modified versions of encrypted messaging apps like Signal, Telegram, and WhatsApp. The breach resulted in the extraction of archived messages and sensitive data belonging to U.S. government officials and companies who utilized the platform, as reported by 404 Media.
TeleMessage gained attention last week when it was revealed that former U.S. National Security Adviser Mike Waltz was using TeleMessage’s modified Signal app. The Israel-based company, owned by Smarsh, offers a service for archiving messages, including voice notes, from encrypted applications.
According to 404 Media, while the messages of cabinet members and Waltz remained secure, the hacker accessed contents of messages, contact details of government officials, backend login credentials for TeleMessage, and more. The breached data included information from entities such as the U.S. Customs and Border Protection, cryptocurrency exchange Coinbase, and financial institutions like Scotiabank.
The breach also exposed that the archived chat logs were not end-to-end encrypted between TeleMessage’s modded Signal version and the storage destination, highlighting a significant security loophole, as per 404 Media’s findings.
Despite reaching out for comments, Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank have not responded to the incident as of yet.
