日本語
한국어
Tiếng Việt
简体中文
The source code for TM SGNL, an unofficial Signal app reportedly used by former Trump administration officials, has been leaked online, revealing hardcoded credentials and potential security flaws. This app was reportedly used by figures such as Mike Waltz, and possibly Pete Hegseth, JD Vance, and Tulsi Gabbard.
Source Code Released
Security researcher Micah Lee highlighted the availability of the source code after a URL, https://www.telemessage.com/wp-content/uploads/2024/12/Signal.zip, was shared privately. The file contains the Android source code for the application. Subsequently, links to both the Android and iOS versions of the TM SGNL Archiver source code were found on the TeleMessage website:
- TM SGNL Archiver source for iOS: https://telemessage.com/wp-content/uploads/2024/12/Signal-iOS-main.zip
- TM SGNL Archiver source for Android: https://telemessage.com/wp-content/uploads/2024/12/Signal.zip
GPLv3 License
The code is licensed under GPLv3, granting rights to access, analyze, modify, and redistribute the code, provided any derivative work is released under the same license.
Mirrored Repositories
Given the potential implications of high-profile officials using a modified version of Signal, mirrored repositories have been created on GitHub for easier access:
Android Code Analysis
Analysis of the Android version reveals a complete Git history, including contributor email addresses such as [email protected], [email protected], and [email protected]. The original Git origin pointed to a private GitLab server: https://TMGitlab.telemessage.co.il/client/Android/signalarchiver.git.
Vulnerabilities Discovered
The source code reportedly contains hardcoded credentials and other vulnerabilities, raising concerns about the security of communications conducted through the app.
Stay tuned for further analysis and updates on this developing story.