Signal-Based App Used by Former Trump Adviser Hacked
A messaging app modeled after Signal and used by former Trump National Security Adviser Mike Waltz has been compromised, according to a report from 404 Media. The incident has spotlighted vulnerabilities in communication platforms used at high levels of the U.S. government.
The app, developed by Israeli firm TeleMessage, is designed to archive messages for government compliance. TeleMessage has now suspended its services and launched an internal investigation into the security breach.
In an email to users, Smarsh, the Portland, Oregon-based company that operates TeleMessage, said it was:
“investigating a potential security incident” and suspending services “out of an abundance of caution.”
Hacker Claims Access to Backend Infrastructure
According to 404 Media, an unnamed hacker exploited a vulnerability in TeleMessage’s infrastructure and claimed to have intercepted user messages. The publication verified some of the stolen material.
“We gained backend access and intercepted some messages,”
— Anonymous hacker, via 404 Media
The hacker reportedly did not access messages from Waltz or Trump administration officials, but the revelation raises significant alarms over the integrity of secure messaging platforms tailored for official use.
App Usage Linked to Yemen Military Update Scandal
The incident follows a recent scandal involving Waltz, who was removed from his role after using a Signal-based group chat to share real-time updates on U.S. military actions in Yemen.
The chat drew attention when a journalist was accidentally added to the group. A photograph captured by Reuters during a cabinet meeting showed Waltz using the TeleMessage app.
This event led to further scrutiny around the modified Signal application, especially regarding how it handles sensitive, decrypted communications.
Signal and Security Experts Warn of Risks in Modified Versions
A spokesperson for Signal reiterated that:
“The company cannot guarantee the privacy or security properties of unofficial versions of Signal.”
While Signal itself offers end-to-end encryption, apps like TeleMessage (now being rebranded as Capture Mobile) are designed to store messages post-decryption to comply with recordkeeping requirements.
Experts warn that such added features, if not carefully implemented, can introduce significant security vulnerabilities.
No Response from Involved Parties Yet
Attempts to contact TeleMessage, Smarsh, Waltz, and the White House for comments have so far been unsuccessful.
The breach underscores the ongoing tension between security compliance and operational privacy in tools used by government officials and enterprises alike.
