I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/

The source code for the TM SGNL apps (basically a backdoored version of Signal used by Trump officials) is public! Since it's open source, I've pushed it to github for easier research https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/

iOS code: https://github.com/micahflee/TM-SGNL-iOS

Android code: https://github.com/micahflee/TM-SGNL-Android

TeleMessage, the Israeli company that makes the modified Signal app used by Trump officials, was hacked. “I would say the whole process took about 15-20 minutes,” the hacker said https://micahflee.com/the-signal-clone-the-trump-admin-uses-was-hacked/
@micahflee Why am I not surprised..?
@micahflee Micah, lmao. Micah.
@starchy @micahflee If I saw Micah sniffing around my shitty Signal clone, I would definitely flee.
@micahflee Maybe it's just me, but the parent company name almost matching a Russian spy agency is very amusing: https://en.wikipedia.org/wiki/SMERSH

@micahflee Wait, so they aren't even using the official version?!

This is dumber than I thought. We truly live in the dumbest timeline.

@chiraag Per a Reuters photo in the earlier blog post, the answer would be no.

@micahflee nice blog post! They are as responsible as a third grader.

@micahflee Oh, yikes.

The real-world infosec people (as opposed to those in the movies) might well have a field day with this one.

@micahflee It's... a fucking bootleg copy. With vulnerabilities.
Oh, I'm feeling such mixed things right now. Disbelief, despair, and dark laughter.

@sparrows Bootlegged from their own website?

@apicultor @micahflee Fair, 'bootleg' isn't really an applicable term here. Deceitful sabotageware was hard to coin while trying not to laugh and cry.

@sparrows @micahflee I mean, it's GPL — nobody has alleged a licence violation that I'm aware of, so not exactly bootleg.

In theory a tweaked ‘Signal for Government’ would be a good idea even, using a genuinely solid base to build a compliant messenger.

Alas that's not what happened here of course.

@zbrown @micahflee Thinking about it, and glancing at the README, it looks like the code is GPL, but all the Signal Foundation copyright has been brought over without editing, so it's bootleg in that sense.

But yeah, when I read it I was writing in shock and imprecise in my choice of words.

@sparrows @micahflee sure but if we're honest with ourselves using a bootlegged copy with known vulnerabilities is ABSOLUTELY on point from the Trump administration
@micahflee what a time to be alive. Thanks a lot for all of this. It is both fascinating and frightening.
@micahflee LMAO, they weren't just using Signal to plan war crimes, but using a shitty amateur-hour backdoored Israeli fork of Signal to plan war crimes?? 🤦
@micahflee The security of the fake Signal app itself aside (for a moment), how are they loading this off-label app on their personal iPhones? Are they making them managed devices? Or are they just jailbreaking the handsets and sideloading them that way?
@micahflee tl;dr It seems to contain hard-coded credentials.
@micahflee How is this getting worse? It's almost impressive.
@micahflee Thank you for digging into this!
@micahflee excellent work, thank you!
@micahflee Looks like a GPL violation, as it seems to use some "androidcopysdk" which looks like it's implemented by them, to do the actual archiving, but I don't see source code for that available anywhere.