A Signal-style messaging app used by former National Security Adviser Mike Waltz has been hacked, raising serious concerns about the security of government communication tools. The app, called TeleMessage, is designed to mimic Signal’s interface while adding message archiving features to meet federal record-keeping rules. But a report from 404 Media revealed that a hacker exploited a vulnerability in the system’s backend to gain access.
While no messages from Waltz or other top Trump officials were compromised, the breach did expose archived conversations from other users. These included data linked to government agencies like Customs and Border Protection, as well as private companies such as Coinbase. The hacker said they accessed usernames, passwords, backend controls, and chat snippets—all within just 15 to 20 minutes. They described the process as surprisingly easy.
Acting alone and out of curiosity, the hacker chose not to report the breach. They believed TeleMessage would try to cover it up. Using intercepted login credentials, they were even able to view content from modified versions of apps like WhatsApp, Telegram, and WeChat.
So far, the company behind TeleMessage, Smarsh, hasn’t responded. Smarsh is currently rebranding the app as Capture Mobile. The White House and Waltz also haven’t issued any public comments.
Signal, known for its strong encryption, quickly distanced itself from the clone, stating it can’t guarantee the security or privacy of unofficial versions of its app.
Waltz was removed from his position last week after it was revealed he had created a Signal group to track U.S. military activity in Yemen. A journalist was accidentally added to the group, sparking controversy. The incident has reignited debate over the use of customized secure apps in government settings. Added features like archiving may help with record-keeping, but they can also open the door to new vulnerabilities.
“If I could find this in under 30 minutes,” the hacker said, “anyone could.”
