Signal affair: Modified messenger ceases operation after second break-in
The US government uses a modified app to communicate by signal. It is called TeleMessage, has been cracked twice and closed for the time being.
(Image: Bits And Splits/Shutterstock.com)
After an app for extracting messages from crypto messengers such as Signal was cracked for the second time, those responsible have shut down the application completely. This was reported by NBC News, citing a statement from the parent company behind the app called TeleMessage. When the intrusion was discovered, the company reacted quickly to contain it and commissioned an external company to analyze it, the company explained: "As a precaution, all TeleMessage services have been temporarily suspended." According to the report, at least one US authority, the US Border Patrol (CBP), has previously stopped the use of the app.
The app only came into the public eye in recent days after US President Donald Trump's then National Security Advisor was photographed in his cabinet using it on his smartphone. The application enables the use of crypto messengers such as Signal and WhatsApp, but overrides key security functions. For example, content is redirected so that it can be archived. However, this means that the security offered by end-to-end encryption is lost, as the messages are forwarded to TeleMessage, where they are stored. The source code of the application is allegedly now public and, according to initial analyses, shows glaring security gaps such as hard-coded access data – a kind of backdoor to the TeleMessage services.
Cracked twice
After the US magazine 404 Media reported at the weekend that TeleMessage had been hacked and that an unknown person had access to numerous chats, including from US authorities and the US Congress, NBC News has now learned of another intrusion. As the US news site writes, a credible person came forward on Sunday evening who had penetrated the central archive of TeleMessage and downloaded a lot of content. This was proven by screenshots. The person had not yet determined whether sensitive US government content was stored there. However, it is a different person from the one who announced a successful intrusion to 404 Media.
Videos by heise
The revelation that an app is being used in the US government, in US authorities and in US politics that undermines one of the most central security promises of crypto messengers such as Signal is the latest twist in the Signal affair. This began at the end of March when a renowned US journalist revealed that he had been inadvertently added to a group chat on Signal in which the US government shared classified information about US military strikes. Such commercial software on private mobile devices is completely unsuitable for such conversations. If such a modified version is used, the risk is even greater, as has now become clear.
(mho)
