In one of 2025’s most alarming security breaches, a modified clone of the Signal app, known as "TM SGNL," compromised sensitive government communications and exposed deep vulnerabilities in the use of foreign-built tech.
The clone, developed by Israeli tech firm TeleMessage and acquired by Smarsh in 2024, was intended to archive encrypted communications for compliance purposes.
Instead, it introduced serious vulnerabilities that were exploited by hackers, exposing sensitive government communications and raising concerns about foreign software vendors and operational security.
TM SGNL Security Breach: Key Events & Timeline
February 2024
- The US-based company Smarsh acquired TeleMessage.
March 2025
- Former National Security Adviser Mike Waltz accidentally added The Atlantic’s editor-in-chief to a Signal group chat discussing U.S. military operations in Yemen.
- WSJ and Axios reported that officials, including Waltz and Defense Secretary Pete Hegseth, were using Signal to coordinate discussions involving Russia and Ukraine.
May 1, 2025
- Reuters published photographs confirming Waltz was using "TM SGNL" at a cabinet meeting. It is not known whether White House officials began using TM SGNL after the initial Signal group chat, or before.
- Waltz was fired and quickly nominated to become U.S. Ambassador to the UN. Marco Rubio was named interim National Security Adviser.
May 4, 2025
- 404 Media reported that a hacker breached TeleMessage’s backend in under 20 minutes, accessing usernames, passwords, internal credentials, and message data from modified versions of Signal, Telegram, and WhatsApp.
May 5, 2025
- News sources reveal TeleMessage’s efforts to rebrand as "Capture Mobile."
- Additional reporting tied the company to Israeli military intelligence units, NSO Group, and Cellebrite.
- TeleMessage’s website was changed to a simple landing page that is non-functional.
- It was reported that Smarsh, the parent company, notified users, “it is not possible to register new users. Users that were logged out for their Apps will not be able to login again.”
