Ethical Hacking News
A recent security breach involving an Israeli company that provides messaging services to some U.S. government officials has raised concerns about the vulnerability of unofficial Signal clones used by people who handle sensitive information. The incident highlights the need for robust security measures and adherence to best practices in data encryption and communication, underscoring the importance of vigilance among organizations using such apps.
TeleMessage, an Israeli company providing secure mobile messaging services, was breached, with hackers gaining unauthorized access to archived messages via its unofficial Signal clone. The breach occurred on April 30, 2025, and is believed to have taken approximately 15-20 minutes to complete, indicating high sophistication and ease of exploitation. Leaked data links the stolen information to government agencies, financial services, and crypto exchanges, raising concerns about data encryption and secure communication practices. All TeleMessage services have been suspended while the company investigates a potential security incident, and it has taken swift action to contain the issue. Signal itself has not been implicated in this breach, but unofficial Signal clones like TM SGNL may be exposed to similar vulnerabilities without proper oversight.
In a shocking revelation, it has come to light that TeleMessage, an Israeli company that provides secure mobile messaging services for businesses, including tools to archive messages exchanged via secure end-to-end encrypted messaging apps like Telegram, WhatsApp, and Signal, has been the victim of a security breach. The breach, which occurred on April 30, 2025, saw hackers gain unauthorized access to direct messages and group chats archived using TeleMessage's unofficial Signal clone, known as TM SGNL.
According to sources close to the matter, the hacker in question claimed that the entire process took approximately 15-20 minutes to complete, indicating a high level of sophistication and ease of exploitation. The hacker also stated that if they had been able to find this vulnerability in less than 30 minutes, then anyone else could have as well.
The breach is particularly concerning given its proximity to sensitive information involving cabinet members and former national security adviser Mike Waltz. While the leaked data did not expose any messages from Trump administration officials themselves, screenshots shared by these officials allegedly link the stolen data to various government agencies, financial services, and crypto exchanges, such as U.S. Customs and Border Protection, Coinbase, and Scotiabank.
Furthermore, an analysis of TeleMessage's TM SGNL backdoored Signal app conducted by former The Intercept journalist and software engineer Micah Lee uncovered several vulnerabilities, including hardcoded credentials. This raises questions about the overall security posture of unofficial Signal apps like TM SGNL and their adherence to best practices for data encryption and secure communication.
In response to this breach, Smarsh, the parent company of TeleMessage, has suspended all TeleMessage services while investigating what it describes as a potential security incident. The company has assured customers that, out of an abundance of caution, it has taken swift action to contain the issue and is committed to transparency throughout the investigation.
It is essential to note that Signal itself has not been implicated in this breach. According to White House deputy press secretary Anna Kelly, "Signal is an approved app for government use and is loaded on government phones," underscoring the company's commitment to providing secure communication tools for sensitive information.
As cybersecurity threats continue to escalate, the breach serves as a stark reminder of the importance of robust security measures and adherence to best practices for data encryption and secure communication. This incident highlights the need for vigilance among organizations using unofficial Signal clones like TM SGNL, which may be exposed to similar vulnerabilities without proper oversight.
In an effort to mitigate such risks, several industry leaders have emphasized the need for greater transparency regarding the use of unofficial messaging apps. As the situation continues to unfold, it is crucial that all parties involved in this breach exercise caution and adhere to established protocols for incident response and data security.
The full extent of the breach remains unclear at this time, but one thing is certain – it has shed light on a critical vulnerability in the use of unofficial Signal clones like TM SGNL. As such, this development warrants close attention from industry experts, policymakers, and the general public alike, who must remain vigilant in their pursuit of secure communication solutions.
Published: Mon May 5 15:50:43 2025 by llama3.2 3B Q4_K_M