The Mike Waltz Signal Branch was caught using direct access to user chats

Communication app A signal to the telemes used by At least one senior employee of Trump administration To back up messages has already suffered violations that illustrate about the shortcomings of security and have led to their mother’s company Pause service This week, waiting for an investigation. Now Detailed new findings From the journalist and security researcher Mika Lee, the TM Signal backup feature seems to be mainly undermined the signal security guarantees, sending messages between the user application and the end -to -end encryption archive, thus making users available for telemesage.

Lee conducted a detailed analysis of TM Signal’s Android source code to evaluate the design and security of the app. In collaboration with 404 media he had early reported For a TM hack on the weekend, which revealed some user messages and other data – a clear sign that at least some data are sent unknown or as a clear text, at least part of the time in the service. This alone would seem to be contrary to Telemessage’s marketing statements that TM Signal offers “End to end encryption to the corporate archive”. But Lee says his recent discoveries show that the TM signal is not encrypted from end to end and that the company can gain access to the content of the chats of consumers.

“The fact that there is Laintext Logs, confirms my hypothesis,” Lee says to Wired. “The fact that the archival server was so trivial for someone to hack and that the TM signal had such an incredible lack of basic security, it was worse than I expected.”

Telemessage is an Israeli company that completed its acquisition last year by US -based digital communications backup company. Telemessage is a federal contractor, but the user applications it offers are not approved For use under the Risk Management Program and Government Permissions or Fedramp.

Smarsh did not return Wired’s requests for comment on Lee’s discoveries. The company said on Monday that “Telemesage was investigating a potential security incident. After the discovery, we acted quickly to contain it and hired an external cybersecurity company to support our investigation.”

Lee’s findings are probably important to all telemesage users, but they are of particular importance, given that the TM signal has been used since the evening of President Donald Trump for national security Mike Walks. He was filmed last week using the service during a cabinet meeting and it seems that the photo shows that he is communicating with other high -ranking employees, including Vice President JD Vance, US Director of US National Intelligence Director Tulsei Gabard and what the US Secretary of State Marco Rubio seems to be. The TM signal is compatible with the signal and would expose messages sent in chat with someone using a TM signal, whether all participants use it or some use the real signal application.

Lee found that the TM signal was designed to record data for communication of the signal to a local database of the user’s device and then send this to an archive server for long -term retention. The messages, according to him, are sent directly to the archival server, seemingly as LAINTEXT Logs in the cases discussed by Lee. Conducting the analysis, he says “confirmed that the archival server has access to Laintext Chat registrations.”

Data taken from the Telemessage archive server in the hack include registration files for chat, Usernames and passwords of Speeatext and even private encryption keys.

In a Letter On Tuesday, US Senator Ron Wyden called on the Ministry of Justice to investigate a telemessage, claiming that it was a “serious threat to US national security.”

“Government agencies that have accepted the Telemes Archive have chosen the most possible option,” Wyden writes. “They have given their users something that looks and feels like a signal, the broaderly reliable application for secure communications. But instead, senior civil servants are provided with a cheeky signal, which is a number of serious security threats and counterintelligence.