A modified version of the secure messaging app Signal, used by former National Security Adviser Mike Waltz, has been hacked, according to a new report by tech outlet 404 Media.
The app in question, TeleMessage, is developed by an Israeli company and marketed as a secure alternative to Signal for government and enterprise use, with features for message archiving and compliance. Public procurement records show the platform is in use by a number of US agencies, including the State Department and the Centers for Disease Control and Prevention.
According to 404 Media, an unidentified hacker exploited a vulnerability in TeleMessage’s backend systems and gained access to user messages. The hacker reportedly provided the outlet with samples of intercepted material, some of which were independently verified. No communications from Waltz or other members of former President Donald Trump’s cabinet were breached, according to the report.
Waltz hit the headlines after a Reuters photographer captured him using TeleMessage during a cabinet meeting. The incident followed a scandal last month in which Waltz reportedly created a Signal group chat to share real-time updates on US military operations in Yemen. In a critical error, a journalist was accidentally added to the group, prompting an outcry over the improper handling of sensitive information. Just one day after the photo surfaced, Waltz was dismissed from his post.
While TeleMessage maintains an interface and user experience similar to Signal, its backend infrastructure differs significantly and is customized to meet government compliance requirements.
The hacker told 404 Media their motivation was curiosity about the platform’s security and expressed distrust toward TeleMessage, claiming they avoided reporting the vulnerability directly because they feared the company would “try their best to cover it up.”