I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Conversation
Notices
-
Embed this notice
Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 05:36:15 JST
Micah Lee
- Ryan Castellucci (they/them) :nonbinary_flag:, Rich Felker, Tim Chambers and Kim Scheinberg repeated this.
-
Embed this notice
Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 05:36:15 JST
Micah Lee
The source code for the TM SGNL apps (basically a backdoored version of Signal used by Trump officials) is public! Since it's open source, I've pushed it to github for easier research https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
iOS code: https://github.com/micahflee/TM-SGNL-iOS
Android code: https://github.com/micahflee/TM-SGNL-Android
In conversation permalink Attachments
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 04-May-2025 05:55:06 JST
Rich Felker
@micahflee LMAO, they weren't just using Signal to plan war crimes, but using a shitty amateur-hour backdoored Israeli fork of Signal to plan war crimes?? 🤦
In conversation permalink Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 04-May-2025 06:19:11 JST
Rich Felker
@Phosphenes @micahflee I haven't analyzed it but presumably the Israeli company that made the fork has some capacity for access to the phones running it. Folks reading it can probably fill in more details. We have the full development history available to look at.
In conversation permalink -
Embed this notice
Micah Lee (micahflee@infosec.exchange)'s status on Sunday, 04-May-2025 06:19:12 JST
Micah Lee
@dalias yup, well said
In conversation permalink -
Embed this notice
Phosphenes (phosphenes@mastodon.social)'s status on Sunday, 04-May-2025 06:19:12 JST
Phosphenes
For us non infosec folks, a back door means it's more leaky/less secure than regular Signal?
That the Israelis or whoever can spy on your communication, even if you didn't invite reporters from The Atlantic?
In conversation permalink -
Embed this notice
lj·rk (ljrk@todon.eu)'s status on Sunday, 04-May-2025 11:20:29 JST
lj·rk
@micahflee Found the source!
It's linked under the `/developer` path for API libraries, and they explicitly mention GPL so they're probably not in violation of licenses:
https://www.telemessage.com/developer/api-libraries/----
Some other info/links which you may or may not know already/or could be helpful:
This is their Play Store listing, including their Telegram capture but not Signal:
https://play.google.com/store/apps/developer?id=TeleMessageThis is linked from: https://www.telemessage.com/downloadapp/
There's also the WebApp (which first tries to auth via SSL Cert but fallbacks to mail / user-password): https://webchat.telemessage.com/
And the secure.-Subdomain with login window: https://secure.telemessage.com/
This FAQ lists other subdomains and ports:
https://www.telemessage.com/what-firewall-ports-must-be-opened-to-enable-enterprise-number-archiver-voice-call-wifi-usage/The REST-API described there can also be interfaced through their Java or PHP SDK:
https://github.com/TeleMessage/In conversation permalink Attachments