A hacking incident involving an unofficial version of Signal has raised fresh alarms about the security of sensitive U.S. government communications. The breach, confirmed by tech platform 404 Media, targeted TeleMessage, an alternative messaging app that mimics Signal’s interface and functionality. The app was reportedly used by former National Security Adviser Mike Waltz, who served under President Donald Trump.
TeleMessage, developed by Oregon-based Smarsh, is currently undergoing rebranding as “Capture Mobile.” Unlike Signal, which provides end-to-end encryption designed to block unauthorized surveillance, TeleMessage includes additional functionalities for message capturing and storage. This feature, meant to help organizations comply with legal documentation and retention standards, may have inadvertently introduced vulnerabilities.
Hacker Claims Access to Message Data
According to 404 Media, an unidentified hacker infiltrated the backend infrastructure of TeleMessage, gaining access to user communications. The individual provided the outlet with examples of intercepted messages, some of which were independently verified. Although the hacker claimed to have accessed user content, they reportedly did not breach any conversations involving Waltz or other Trump cabinet members.
The breach has sparked concern over Waltz’s decision to use a non-official messaging platform for highly sensitive communications. A Reuters photograph taken at a recent cabinet meeting appeared to show Waltz using the app, suggesting its use during high-level governmental discussions.
Scandal Surrounding Yemen War Updates
Waltz’s use of TeleMessage comes in the wake of a separate controversy that erupted earlier this year. He had allegedly created a Signal group to disseminate real-time updates about U.S. military operations in Yemen. The situation became particularly controversial after he, or someone using his credentials, mistakenly added a well-known journalist to the group. The incident immediately prompted criticism over improper handling of classified military communications.
Although Waltz was removed from his position last Thursday, the broader implications of his digital communication practices continue to resonate within national security circles. Critics argue that using unofficial or poorly vetted communication tools for sharing confidential updates represents a critical vulnerability, especially when national defense is involved.
Official Reactions and Verification Attempts
Attempts to contact Smarsh and TeleMessage for comment have so far gone unanswered. Neither Waltz nor the White House responded to inquiries about the matter. Meanwhile, Reuters has stated that it could not independently verify the claims published by 404 Media.
A spokesperson from Signal emphasized that the company cannot ensure the safety or privacy of unofficial versions of its application. This caution underscores the potential risks associated with adopting modified or third-party tools that imitate Signal’s core functionalities without its robust security infrastructure.
Underlying Risks of Message-Capturing Platforms
While applications like TeleMessage serve a niche purpose—capturing decrypted messages for organizational compliance—they inherently introduce a tradeoff between usability and security. If such tools are improperly configured or implemented, they can become targets for cyberattacks, as demonstrated in this incident.
The breach has triggered a deeper review of the communication protocols used at the highest levels of the U.S. government. In particular, it raises questions about how officials vet the tools used to exchange real-time updates, especially when those updates pertain to military activity or national defense.
Broader Concerns for Government Tech Security
This event is the latest in a string of cybersecurity issues involving government officials’ use of messaging applications. As global threats continue to evolve, experts argue that government communications must be protected by certified and thoroughly tested platforms to prevent data leaks, breaches, or exploitation by foreign adversaries.
Moving forward, security analysts and policymakers may push for stricter controls over the use of third-party communication apps within the government. Whether this breach leads to further regulatory scrutiny remains to be seen, but the incident has already prompted a deeper conversation about digital hygiene at the highest levels of leadership.
