Signal clone used by Trump security advisor hacked, data may be leaked
The hacking of the Signal app clone exposes vulnerabilities in archived government communications and raises concerns over data security.
-
National Security Advisor Mike Waltz speaks during a television interview at the White House, May 1, 2025, in Washington (AP)
A Signal messaging platform clone used by Trump’s former National Security Advisor Mike Waltz has been hacked, raising fresh concerns over the security of archived communications tied to US government agencies.
According to a report by 404 Media, the breach targeted TeleMessage, a third-party application designed to mimic Signal while incorporating records retention management tools required by federal compliance standards. The app, reportedly used by various US government officials, modifies Signal’s interface to enable message archiving—a feature absent from the original platform, which emphasizes end-to-end encryption.
The anonymous hacker told 404 Media that they exploited a vulnerability in TeleMessage to gain access to backend systems, where they retrieved usernames, passwords, access panels, and snippets of chat content. Although Mike Waltz’s private communications were not compromised, data tied to other users, including officials from Customs and Border Protection and private firms like Coinbase, were reportedly exposed.
“I would say the whole process took about 15–20 minutes,” the hacker told 404 Media. “It wasn’t much effort at all.”
The hacker, who described the breach as an act of curiosity, said they chose not to report the vulnerability to TeleMessage, claiming the company would likely “try their best to cover it up.” Screenshots viewed by the outlet suggest that archived messages from clone versions of WhatsApp, Telegram, and WeChat may also have been compromised.
Just four days ago, US President Donald Trump sacked Mike Waltz and appointed him as the United Nations ambassador, while Secretary of State Marco Rubio would take over Waltz’s duties on an interim basis.
The Washington Post on Saturday reported that Waltz's removal came after months of internal friction over foreign policy direction, particularly regarding Iran.
Messaging platform’s security flaws raise alarm
The hacked platform, soon to be rebranded as Capture Mobile by its parent company Smarsh, was developed to fulfill government-mandated archiving rules. However, the incident has highlighted the risks of modifying the Signal messaging platform architecture for official use, particularly when robust encryption is replaced by vulnerable backend storage.
Neither Waltz nor the White House has responded to requests for comment. Smarsh, the Portland-based owner of TeleMessage, has also remained silent on the breach.
Signal, the original encrypted app known for its strict privacy protocols, distanced itself from such third-party adaptations. A spokesperson told Reuters the company “cannot guarantee the privacy or security properties of unofficial versions of Signal.”
Waltz under fire over app use during Yemen briefings
Public scrutiny of Waltz escalated last week after Reuters published a photo showing him using TeleMessage during a cabinet meeting with US President Donald Trump. His firing came just days later.
Waltz had reportedly created a Signal-based group to share real-time updates on US military operations in Yemen, but controversy erupted when a journalist was accidentally added to the group, allegedly by Waltz or another participant.
Since March 15th, more than 1,000 targets hit in Yemen during air campaign against Houthis. https://t.co/uBe7HVdIAe
— Mike Waltz (@MikeWaltz47) April 30, 2025
The group and the platform hosting it quickly became a focus of national security concern.
Around the end of March, Waltz had accepted full responsibility for creating the Signal group chat in which sensitive details about a planned US attack on Yemen were shared with a prominent journalist, stressing during an appearance on Fox News, "We made a mistake. We're moving forward."
Prioritizing archiving over encryption
While the cloned Signal messaging platform was intended to meet compliance demands, cybersecurity analysts now warn that such modifications may be opening new attack surfaces.
“If I could have found this in less than 30 minutes,” the hacker told 404 Media, “then anybody else could too. And who knows how long it’s been vulnerable?”
The incident has intensified debate over the use of unofficial or modified apps in federal environments, particularly those that aim to balance records retention management with operational secrecy. For now, the breach remains a stark warning about the risks of prioritizing archiving over encryption.