Over 60 White House aides used a Signal clone app. The problem is that it got hacked in 20 minutes

Is anything fully secure in this digital age of ours?

Have you heard of the TeleMessage app? If you keep an eye on what the US government is doing, you probably have. And you know about its extremely poor security standards and practices.

During a cabinet meeting several weeks ago, a photo caught then-national security adviser Mike Waltz secretly using a messaging app on his phone. It looked like Signal (popular because it's allegedly secure), but it was actually a modified version of it, called TM SGNL, made by a company named TeleMessage. Unlike Signal, TM SGNL stores copies of all messages, removing the usual privacy protections. Not good!

A recent cyberattack on TeleMessage revealed a broad breach. According to Reuters, leaked data showed over 60 US government users were affected, including FEMA workers, diplomatic staff, customs officers, Secret Service members, and at least one White House official. While most of the intercepted messages appeared fragmentary and not highly sensitive, some involved travel details for senior officials. This leaked data alone could pose serious counterintelligence risks. TeleMessage, owned by Oregon-based Smarsh, has been offline since May 5 amid ongoing investigations.

The White House acknowledged the incident, while agencies like the Secret Service and FEMA confirmed reviews but offered limited details. This incident adds to scrutiny surrounding Waltz, who previously stirred controversy over another recent phone app screw-up.



Soon after Waltz's photo was made public, a hacker revealed they had broken into TeleMessage's systems in under 20 minutes. Wired tells the whole fascinating story. The breach was surprisingly easy due to weak password protection and outdated technology. One major flaw involved a feature called a "heap dump" – a snapshot of the system's memory – which was left open to anyone online. By downloading and searching these memory files, the hacker accessed usernames, passwords, and plain text messages from users, including staff from US Customs and Border Protection and employees of major companies like Coinbase.

Further investigation revealed that TM SGNL's messages were not fully encrypted as advertised. Instead, they passed through an archive server where they were stored unprotected. Experts warn that exposing heap dump files, especially in public-facing systems, is a serious misconfiguration that can give hackers access to sensitive data. Despite these security flaws, TM SGNL was being used at high levels of government, raising concerns about how secure communication tools are selected and managed.

Yeah, I'm wondering, too.