The application that the Trump White House has been using to collect and securely store messages sent on popular commercial encrypted apps has temporarily suspended service in the wake of a security breach, the application’s owner said on Monday.
The application, TeleMessage, is owned by Smarsh, a company based in Portland, Ore., which provides tools for governments to comply with record-keeping regulations and laws. Last week, a Reuters photograph of Mike Waltz, then the national security adviser, showed that he was using the application to read Signal messages on his phone.
On Sunday, 404 Media reported that a hacker had breached the Israeli company that makes TeleMessage and stolen the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat.
Smarsh declined to answer questions, but in a statement, a spokeswoman said that it was investigating “a recent security incident” and that, “Out of an abundance of caution, all TeleMessage services have been temporarily suspended.”
The use of Signal by Trump administration officials came to light after Mr. Waltz created a chat on the platform to discuss strikes on Houthi militants in Yemen, but inadvertently added a journalist from The Atlantic to the group.
It is not clear when Mr. Waltz started using TeleMessage. A federal judge ordered the messages from the original Signal chat be preserved, but government lawyers later told a court in a different case that messages from the original Signal chat had been deleted from one participant’s phone, that of John Ratcliffe, the C.I.A. director.
Security experts have raised concerns about the service, noting that installing such an application to archive encrypted messages creates numerous security vulnerabilities. WhatsApp and other messaging companies are actively attempting to ban TeleMessage.
The use of the TeleMessage system is something of a contradiction. Many people use encrypted apps like Signal so that information is sent securely and then automatically deleted. But U.S. government rules require officials to preserve their communications — driving some government lawyers to push for officials to use the TeleMessage clone.
While the company claims not to decrypt the messages and to archive them securely, the hack on TeleMessage as reported by 404 Media raised questions about the company’s security protocols.
Security experts have said the U.S. government should aggressively audit TeleMessage before continuing to use the service to archive Signal or other messages.
In its statement on Monday, Smarsh said it had hired an “external cybersecurity firm” to assist in its investigation of the TeleMessage breach.
