GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 05:36:15 JST Micah Lee Micah Lee

    I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/

    In conversation about a year ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: micahflee.com
      TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
      Yesterday, a Reuters photographer captured a photo of the freshly-ousted former National Security Advisor Mike Waltz checking his Signal messages during a Trump cabinet meeting. If you're not familiar with Waltz, he's most well known for inviting The Atlantic's editor-in-chief to secret Trump administration war crimes Signal group. They discussed,
    • Ryan Castellucci (they/them) :nonbinary_flag:, Rich Felker, Tim Chambers and Kim Scheinberg repeated this.
    • Embed this notice
      Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 05:36:15 JST Micah Lee Micah Lee
      in reply to

      The source code for the TM SGNL apps (basically a backdoored version of Signal used by Trump officials) is public! Since it's open source, I've pushed it to github for easier research https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/

      iOS code: https://github.com/micahflee/TM-SGNL-iOS

      Android code: https://github.com/micahflee/TM-SGNL-Android

      In conversation about a year ago permalink

      Attachments



      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        GitHub - micahflee/TM-SGNL-Android: Backdoored Signal app, used by senior Trump officials like Mike Waltz, downloaded from the official TeleMessage website
        Backdoored Signal app, used by senior Trump officials like Mike Waltz, downloaded from the official TeleMessage website - micahflee/TM-SGNL-Android
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Sunday, 04-May-2025 05:55:06 JST Rich Felker Rich Felker
      in reply to

      @micahflee LMAO, they weren't just using Signal to plan war crimes, but using a shitty amateur-hour backdoored Israeli fork of Signal to plan war crimes?? 🤦

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Sunday, 04-May-2025 06:19:11 JST Rich Felker Rich Felker
      in reply to
      • Phosphenes

      @Phosphenes @micahflee I haven't analyzed it but presumably the Israeli company that made the fork has some capacity for access to the phones running it. Folks reading it can probably fill in more details. We have the full development history available to look at.

      In conversation about a year ago permalink
    • Embed this notice
      Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 06:19:12 JST Micah Lee Micah Lee
      in reply to
      • Rich Felker

      @dalias yup, well said

      In conversation about a year ago permalink
    • Embed this notice
      Phosphenes (phosphenes@mastodon.social)'s status on Sunday, 04-May-2025 06:19:12 JST Phosphenes Phosphenes
      in reply to
      • Rich Felker

      @micahflee @dalias

      For us non infosec folks, a back door means it's more leaky/less secure than regular Signal?

      That the Israelis or whoever can spy on your communication, even if you didn't invite reporters from The Atlantic?

      In conversation about a year ago permalink
    • Embed this notice
      lj·rk (ljrk@todon.eu)'s status on Sunday, 04-May-2025 11:20:29 JST lj·rk lj·rk
      in reply to

      @micahflee Found the source!

      It's linked under the `/developer` path for API libraries, and they explicitly mention GPL so they're probably not in violation of licenses:
      https://www.telemessage.com/developer/api-libraries/

      ----

      Some other info/links which you may or may not know already/or could be helpful:

      This is their Play Store listing, including their Telegram capture but not Signal:
      https://play.google.com/store/apps/developer?id=TeleMessage

      This is linked from: https://www.telemessage.com/downloadapp/

      There's also the WebApp (which first tries to auth via SSL Cert but fallbacks to mail / user-password): https://webchat.telemessage.com/

      And the secure.-Subdomain with login window: https://secure.telemessage.com/

      This FAQ lists other subdomains and ports:
      https://www.telemessage.com/what-firewall-ports-must-be-opened-to-enable-enterprise-number-archiver-voice-call-wifi-usage/

      The REST-API described there can also be interfaced through their Java or PHP SDK:
      https://github.com/TeleMessage/

      In conversation about a year ago permalink

      Attachments






      1. Domain not in remote thumbnail source whitelist: www.telemessage.com
        The Ambiguous Allure Of End-To-End Messaging Encryption
        from @TeleMessage1
        End-to-end encryption, utilizing a pair of encryption keys, is one of the most sought-after security features in most consumer messaging apps presently used in the workplace.
      2. Domain not in remote thumbnail source whitelist: avatars.githubusercontent.com
        TeleMessage - Overview
        TeleMessage has 2 repositories available. Follow their code on GitHub.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.