[HN Gopher] TeleMessage, used by Trump officials, can access pla...
___________________________________________________________________
TeleMessage, used by Trump officials, can access plaintext chat
logs
Author : micahflee
Score : 135 points
Date : 2025-05-06 20:17 UTC (2 hours ago)
(HTM) web link (micahflee.com)
(TXT) w3m dump (micahflee.com)
| dang wrote:
| Recent and related:
|
| _Technical analysis of the Signal clone used by Trump officials_
| - https://news.ycombinator.com/item?id=43875476 - May 2025 (313
| comments)
| ChrisArchitect wrote:
| _Mike Waltz Accidentally Reveals App Govt Uses to Archive
| Signal Messages_
|
| https://news.ycombinator.com/item?id=43865103
| proactivesvcs wrote:
| I'd find it useful if _I_ could access my Signal chat logs in
| plaintext. The software offers no facility to do this on any
| platform, and on Desktop the programs that have allowed me to
| take proper backups are (by necessity) a moving target because of
| changes to the database, so I am constantly having to get around
| to updating them and occasionally even that 's a pain.
| XorNot wrote:
| It'd also be useful if backups on Android actually streamed
| somewhere off the phone so they could be meaningfully appended
| to, kept. Or handled per channel (i.e. my baby pictures channel
| with family).
| proactivesvcs wrote:
| ...and if the restore process wasn't so fragile. The only
| time I needed to backup and restore it just crashed part-way
| through, so the backup process wasn't even doing any
| validation.
| hedora wrote:
| The lack of encrypted (and cross platform) backups is the
| biggest security hole I know of in Signal.
|
| People inevitably end up working around it, which can mean
| using SMS, copying the threads / screenshots / attachments
| to arbitrary other storage, or switching to things like
| TeleMessage because of record keeping requirements.
|
| I wish Signal were less hostile towards forks. I'd happily
| switch to a client that uses their network, but that's
| compatible with iCloud backup.
| nicce wrote:
| That would hit the Google One revenue if people would use
| alternatives...
|
| But also, it must have something to do with law enforcement.
| On the other hand, Google may say that forensic investigation
| of phone is harder (if no jailbreak), but on the otherhand it
| is easier to hand over the data behind the scenes from the
| remote cloud.
|
| Backups are not E2EE by default (user can enable, so they
| have an argument), so in most cases law enforcement can
| access WhatsApp messages, SMS messages and anything else
| without a problem. Many people don't think about this, and
| defaults matter.
| walterbell wrote:
| PhotoSync can incrementally backup iOS/Android photos to
| self-hosted or cloud storage targets, with optional
| encryption, https://www.photosync-app.com/support/encryption
| JumpCrisscross wrote:
| > _I 'd find it useful if I could access my Signal chat logs in
| plaintext_
|
| I'd probably also find it useful if I could access your Signal
| chat logs in plaintext. That's the problem.
| theyknowitsxmas wrote:
| Anyone can change the client name and build it to mislead baddies
| when photographed in public.
| woah wrote:
| This is simply a 4d chess move by a team of geniuses
| csours wrote:
| Oh dear, this seems to be a bit of a footgun.
| tptacek wrote:
| Isn't that the point?
| Aurornis wrote:
| No, the point is for the government to have access the
| plaintext after it is securely delivered to an approved archive
| location, not TeleMessage having access on AWS-hosted servers
| exposed to the public internet.
|
| TeleMessage pitched their service as using end-to-end
| encryption of the message into the corporate archive.
|
| > End-to-End encryption from the mobile phone through to the
| corporate archive
|
| Apparently the plaintext messages were going to a TeleMessage
| server on AWS (not an approved government archive location)
| that was publicly accessible. Naturally it was hacked.
| fnordpiglet wrote:
| I doubt that's the point either. The government should have
| cipher text they are able to decrypt in an approved archive
| location with rigorously managed key material and a careful
| cryptographically variable chain of custody from its
| inception. Plain text should never factor into this.
| matthewdgreen wrote:
| The US government does have storage facilities and secure
| messaging tools with escrow, all designed for exactly this
| use-case (secure messaging amongst DoD personnel.) But the
| whole point of Signal+TeleMessage was to route around that
| "clunky stuff" by outsourcing it to a vendor.
| iAMkenough wrote:
| Why would they need to hire a foreign Israeli firm for that?
|
| Through this procurement decision, the government has
| displayed gross incompetence.
| hedora wrote:
| Presumably, in the spectrum of secure network protocols,
| something exists between "delete the message before it can
| leave this machine" and "send this message to a cloud provider
| and have them email it in plain text to another cloud
| provider".
| pvg wrote:
| If you're sending plaintext of out of an ostensible e2ee
| system, it's not an e2ee system. You have an 'end' that's
| not, you know, end-to-end.
| deepsun wrote:
| And Email protocol backbone itself was not designed to be
| secure.
|
| It's worse than internet packets over HTTPS -- the secure
| connection is established between client and server, so man-
| in-the-middle cannot decrypt it. In email, connections are
| only secure between relays, so any relay can decrypt read
| your email. You cannot guarantee what relays are used.
| Similar to SMS.
| ziddoap wrote:
| It's supposed to be available in plaintext to the end customer
| (government), at their secured archive, but not available in
| plaintext to TeleMessage.
|
| > _TeleMessage lies about this in their marketing material,
| claiming that TM SGNL supports "End-to-End encryption from the
| mobile phone through to the corporate archive."_
|
| Surely someone of your expertise and renown recognizes this
| difference.
| JumpCrisscross wrote:
| > _Isn 't that the point?_
|
| The point is making SecDef's communications, including scramble
| orders, available to whoever can find a TeleMessage employee
| who will cave to a bribe or blackmail?
| fnordpiglet wrote:
| These are the guys trying to jail Krebs for being honest. They
| earned the "experts" they deserve.
| actionfromafar wrote:
| And still there is ample support for the administration, also
| here. I am curious how much of it is through cognitive
| dissonance and not thinking too hard about the stuff a
| particular supporter don't like, and how of it is with eyes
| open embracing the crazy and the incompetence for some "higher
| goal" whatever that may.
|
| (It also probably is very different, all from "own the libs"
| through "escalate the second coming of Christ" or any
| combination thereof.)
| yapyap wrote:
| genius
| aeontech wrote:
| Why bother hacking your phone and installing a keylogger when we
| can convince your IT department to buy it and install it for your
| entire team. Have to say, this is pretty epic.
___________________________________________________________________
(page generated 2025-05-06 23:01 UTC)