Israeli company TeleMessage, used by Trump WH, can access plaintext chat logs
micahflee
Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs
💡Update May 18, 2025: I described TeleMessage's trivial vulnerability in an article for WIRED: How the knock-off Signal app used by Trump offici...
Most detailed look at the app I have seen.
> Each archive plan has a source messaging app (like TM SGNL) and a destination, which is controlled by the TeleMessage customer. Destinations can include Microsoft 365, email servers (SMTP), or file servers (SFTP). The admin assigns TeleMessage users – like Mike Waltz – to an archive plan, which determines where their chat logs will get archived.
> Once the TM SGNL app sends chat logs to the archive server, the archive server is supposed to do something like this: It looks up the user that sent the chat log, then looks up that user's archive plan, then forwards the messages to destination defined in the archive plan (via SMTP or SFTP), and presumably (but who really knows for sure) deletes the chat logs from the archive server.
## Why Is TM SGNL So Terrible?
> Signal is the gold standard of end-to-end encrypted messaging apps.
> Messages are encrypted between endpoints – whether that's a phone running Signal, a computer running Signal Desktop, or even a phone running TM SGNL. The Signal server, and any internet eavesdroppers, cannot access the chat logs.
> However, once they're at an endpoint, they are in plaintext (if they weren't, you wouldn't be able to read your texts). At this point, they're protected by various forms of disk encryption depending on the device. This is how Signal messages sometimes end up as evidence in court records: someone's phone or laptop with Signal installed was searched, after the messages were already decrypted.
> TM SGNL completely breaks this security. The communication between the TM SGNL app and the final archive destination is not end-to-end encrypted.
> TeleMessage lies about this in their marketing material, claiming that TM SGNL supports "End-to-End encryption from the mobile phone through to the corporate archive."
The interesting thing about all of this. Companies using this service and government officials using it is the why. Why are they using it? Well, I have heard that many companies that used this service did so because of government regulations requiring the archiving of digital communications. I assume this is also the thought with the WH using this.
But it should be noted that TM SGNL, unlike Signal has not been approved for use in the government. I mean, it would be absurd if it were. Just when you think this story is over more details emerge :)
I'm not even gonna get into the fact that this company is very closely tied to Israeli intelligence. Its just too much, its just so absurd.
originally posted at
Stacker News
Israeli company TeleMessage, used by Trump WH, can access plaintext chat logs \ stacker news
Most detailed look at the app I have seen. Each archive plan has a source messaging app (like TM SGNL) and a destination, which is controlled by th...
