Do Son 
TeleMessage, the company behind TM Signal—a modified version of the widely used Signal messenger—has become embroiled in a major scandal following the disclosure of severe vulnerabilities in its message archiving system. The crisis erupted after revelations surfaced regarding a breach of TeleMessage’s servers, resulting in the exposure of user conversations, including those of officials from the Trump administration. The hacker claimed that within just 15–20 minutes, he had gained access to message contents, login credentials, contact details, and even cryptographic keys.
An investigation conducted by journalist and cybersecurity expert Miki Lee confirmed that TM Signal, despite its claims of end-to-end encryption, in practice transmits user messages to company servers in plaintext. The Android app’s source code revealed that data is not encrypted when archived—meaning that while users may see a familiar, secure interface, their communications may, in fact, be vulnerable to third-party access.
Of particular concern is the revelation that the application was used by high-ranking U.S. officials. During a National Security Council meeting, former National Security Advisor Mike Waltz was captured on camera with TM Signal open on his device. According to sources, he was communicating with Vice President J.D. Vance, Director of National Intelligence Tulsi Gabbard, and possibly Secretary of State Marco Rubio. Even if only one participant in a conversation uses the compromised application, the vulnerability jeopardizes the security of the entire exchange.
The internal architecture of TM Signal includes automatic copying of all messages to an archival server—a feature that may be intended to comply with regulatory requirements. However, this function entirely undermines the benefits of true end-to-end encryption, the hallmark of the original Signal. According to Lee, the very act of storing logs in an unencrypted format, coupled with the server vulnerabilities, points to a fundamental failure in the application’s security design.
The situation is further complicated by the fact that TeleMessage is an Israeli company acquired in 2024 by the American provider Smarsh. Despite its role as a U.S. government contractor, its products—including TM Signal—lack FedRAMP certification, casting doubt on their appropriateness for use within federal institutions. Moreover, as Senator Ron Wyden pointed out in a letter to the U.S. Department of Justice, TeleMessage’s leadership includes former members of Israeli intelligence, raising concerns that the products could serve as potential vectors for information leaks.
In his letter, Wyden asserted that the agencies that adopted TM Signal effectively introduced an insecure imitation of Signal into their communications infrastructure under the guise of a trusted platform. He urged the DOJ to investigate whether the company had misled the government by falsely claiming end-to-end encryption where none existed. The senator also questioned whether TeleMessage may have shared harvested communications with foreign intelligence services.
Following media reports, TeleMessage announced it was suspending TM Signal and launching an internal investigation. In a notice to clients, the company acknowledged that new user registrations had been halted, and those who had logged out would be unable to access the app again. However, the company has yet to provide direct answers regarding the extent and specifics of the compromise.
This incident once again underscores the critical issue of trust in third-party technology providers, particularly when dealing with the sensitive communications of senior officials. Vulnerabilities in systems marketed as secure, when widely adopted across government bodies, can result not only in data leaks but also in tangible threats to national security.
