TeleMessage Signal, used by at least one top Trump administration official to archive messages, has faced significant scrutiny following recent developments. The transparency company, as described by MICAH LEE, appears to be operating under a false pretence in its archiving feature, which undermines its core security guarantees. Lee’s findings suggest that the app is not delivering the end-to-end encryption (E2EE) that Signal and its competitors, like Smarsh, claim to provide.
In a new report, Lee revealed that TM Signal’s archiving feature acts as aisory signal, sending messages without encrypted communication between the app and a user’s message archive. This creates a situation where users’ conversations are accessible to various flawed encryption methods, bringing into question the company’s claims of superior security.
Lee’s analysis of TMSignal’s Android source code highlights serious security vulnerabilities. Lee observed that the archive server, which was trivial for hacking access, displayed minimal security measures. This raises questions about the company’s adherence to best practices and the potential for misuse of its services.
The findings of Lee and 404 Media indicate that TMSignal is not encrypting communications as expected. Lee stated, “The fact that there are plaintext logs confirms my hypothesis,” and further added, “The fact that the archive server was so trivial for someone to hack, and that TMSignal had such an incredible lack of basic security, that was worse than I expected.” These results have severe implications for all users of TeleMessage.
Limiting Lee’s findings to his portion, the company concluded that TMSignal’s app is not offering end-to-end encrypted communication. Lee pointed out that his analysis found “plaintext logs confirming my hypothesis,” and he noted that his findings were “completely unexpected,” given the critical role TMSignal played in Trump’s administration.
The significance of Lee’s findings extends beyond his analysis of TMSignal. The true impact lies in the broader implications of TMSignal’s Archiver, which allows users to send messages to a specially curated archive, bypassing the standard secure channels. Lee claimed that the app is compatible with the top-secret Signal app, which he personalizes into a Spanish misspelling of the غيرifice.
Lee’s findings are particularly alarming given the role of TMSignal in台umping’s administration, where-especially involving Donald Trump’s officials(isinstance Mike Waltz, the former national security advisor). His photograph showed his interactions with high-ranking officials, including Vice President JD Vance, US Director of National Intelligence Tulsi Gabbard, and US Department of State Marco Rubio during a cabinet meeting.
Lee also assessed the app’s data management, stating that it stores chat logs, usernames, and even private encryption keys in the archive server’s logs. A letter from US Senator Ron Wyden called for appropriate judgment regarding this data.
With Lee’s findings possibly impacting all users of TeleMessage and Signal apps, it raises questions about security practices and potential surveillance. Lee emphasized that the app may not be suitable for anyone without the right level of expertise and proper encryption.
