@Ruhrnalist
Trump Clowns use obscure Signal Clone...
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

#trump #signal #hacking #TeleMessage

Yesterday, Micah Lee (who is apparently unrelated to the hacker above, but involved in authoring the 404media article) started publishing an analysis of the #GPLv3 source code of the #Telemessage #Signal derivative.

And he found hardcoded credentials. This generally indicates a not very professional and secure) way of handling data. Something, if you see it, should rinf alarm bells.

Apparently, this also in this case seems indicative of how Telemessage.

https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/

Creating a secure messaging app is very hard. Creating secure archival for it is much harder.

In general, this essentially equals adding an additional participant to every chat. Something which has been tried and failed since the #Clipper chip and "Law Enforcement Agency Keys" aptly dubbed #LEAK.

The apparent amount of data extraction that goes along with #TeleMessage reminds me of saying:

"To get at all company secrets easily, sell them your password manager."

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

»The #SignalClone the #Trump Admin Uses Was Hacked: #TeleMessage, a company that makes a modified version of Signal that #archives messages for #government agencies, was hacked.« https://micahflee.com/the-signal-clone-the-trump-admin-uses-was-hacked/?eicker.news #tech #media #news

The #Signal Clone the #Trump Admin Uses Was #Hacked

A #hacker has #breached and stolen customer data from #TeleMessage , an obscure #Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages …The data stolen by the #hacker contains the contents of some direct messages and group #chats sent using its Signal clone, as well as modified versions of #WhatsApp , #Telegram , and #WeChat.
#privacy #security

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

"It is not true that an #archivingsolution properly preserves the security offered by an end-to-end encrypted messaging app like #Signal. Ordinarily, only someone sending a Signal message and their intended recipient will be able to read the contents of the message. #TeleMessage essentially adds a #3rdparty to that conversation by sending copies of those messages somewhere else for storage. If not stored securely, those copies could in turn be susceptible to monitoring…"

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

📰 "Haker włamał się i ukradł dane klientów z TeleMessage, mało znanej izraelskiej firmy, która sprzedaje zmodyfikowane wersje Signal i innych aplikacji do przesyłania wiadomości rządowi USA w celu archiwizacji wiadomości, dowiedział się 404 Media. Dane skradzione przez hakera zawierają treść niektórych bezpośrednich wiadomości i czatów grupowych wysłanych za pomocą klona Signal, a także zmodyfikowanych wersji WhatsApp, Telegram i WeChat. TeleMessage znalazł się ostatnio w centrum zainteresowania mediów po tym, jak Mike Waltz przypadkowo ujawnił, że korzystał z tego narzędzia podczas spotkania gabinetu z prezydentem Trumpem."

Red.: raczej włamywacz niż haker, ale zostawiłem oryginalne tłumaczenie.

Całość [EN]:
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

#TeleMessage #Signal #Trump #Waltz #security

#TeleMessage, that app used by the #Trump administration to archive Signal messages, has been #hacked. The #hacker managed to get some users' #Signal group chats and messages too. This is a hugely significant #breach not just for those individual customers, but also for the U.S. government more widely. #natsec #nationalsecurity https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/ #government #democracy #trump #hegseth

#TeleMessage's Signal backdoor app is getting lots of attention due to #Signalgate, but they have other products that function similarly for #Telegram, #WhatsApp, and #weChat.

Has literally _anyone_ audited their products before #signalgate? Do their apps make it clear to its users that they are using a backdoored version of the official apps? Is it #stalkerware? We need answers.

TeleMessage has wiped their web site within the last 12 hours.

#privacy #infosec #cybersecurity #intelligence

Looks like #TeleMessage has gutted its web site.

See what you did @micahflee!

#Signal #Signalgate #privacy

Ah, it seems #TeleMessage (the company behind that Signal fork called TM SGNL, used by Mike Waltz and possibly more members of the Trump administration) has woken up and blocked access to the source zips for their iOS and Android apps. Until yesterday they were publicly available at https://www.telemessage.com/developer/api-libraries/# now that page is gone. (it looked like this: https://archive.is/CLQLT)

Signal is AGPLv3 licensed, so hiding the sources could very well be a license violation. Oops.

cc @micahflee @ljrk FYI

TM SGNL, die obskure inoffizielle #SignalApp die Mike #Waltz nutzte kommt aus Israel und verstösst gegen die OS Bedingungen von #Signal Wer sich den Sourcecode mal ansehen will, findet hier ein Link dahin: micahflee.com/tm-sgnl-the-... #SignalGate #Trump #Unplugtrump #TMSGNL #Guy #TeleMessage

TM SGNL, the obscure unofficia...

@tomminieminen @rejzor Oh dear, I just saw that it's not even Signal. As Heather Cox Richardson said:

"Yesterday I identified incorrectly the messaging app newly fired national security advisor Michael Waltz was using at a Cabinet meeting on Wednesday as the unsecure Signal app. Joseph Cox of 404 Media identified the app as “an obscure and unofficial version of Signal” from “a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them.” As Josh Marshall of Talking Points Memo notes, this third-party app introduces even more insecurity into those White House communications."

#Signal #Security #Telemessage #ShittySpies #Infosec

#TeleMessage CEO: "From 1996 until 1999, Guy served as the head of the planning and development of one of the IDF’s Intelligence elite technical units."

TFW you add a backdoor to Signal and sell it as enterprise messaging management. That's quite "intelligent."

#signalgate

"On Thursday Reuters published a photograph of Waltz checking his mobile phone during a cabinet meeting held by Donald Trump. The screen appears to show messages from various top level government officials, including JD Vance, Tulsi Gabbard, and Marco Rubio.

At the bottom of Waltz’s phone’s screen is a message that looks like Signal’s regular PIN verification message. This sometimes appears to encourage users to remember their PIN, which can stop people from taking over their account.

But the message is slightly different: it asks Waltz to verify his “TM SGNL PIN.” This is not the message that is displayed on an official version of Signal.

Instead TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them. A page on TeleMessage’s website tells users how to install “TM SGNL.” On that page, it describes how the tool can “capture” Signal messages on iOS, Android, and desktop."

https://www.404media.co/mike-waltz-accidentally-reveals-obscure-app-the-government-is-using-to-archive-signal-messages/

#USA #Trump #Signal #Messaging #Privacy #DigitalArchiving #TeleMessage