The communication app TM Signal, used by Trump administration officials for archiving messages, has faced security breaches and a temporary service pause. Research by Micah Lee reveals that its archiving functions violate core security principles by transmitting messages without end-to-end encryption, potentially compromising usersâ communications to TeleMessage's access. Lee's analysis, bolstered by a hack of TM Signal, shows that plaintext logs of messages contradict the app's advertised security features. Additionally, despite being a federal contractor, its consumer apps lack FedRAMP authorization, raising further concerns about data protection.
"The fact that there are plaintext logs confirms my hypothesis," Lee tells WIRED. "The fact that the archive server was so trivial for someone to hack, and that TM Signal had such an incredible lack of basic security, that was worse than I expected."
In collaboration with 404 Media, he had previously reported on a hack of TM Signal over the weekend, which revealed some user messages and other dataâa clear sign that at least some data was being sent unencrypted, or as plaintext, at least some of the time within the service.
Collection
[
|
...
]