The U.S. Customs and Border Protection (CBP) agency recently confirmed its use of TeleMessage, a company that offers cloned communication apps like Signal and WhatsApp, with built-in archiving for regulatory compliance. This revelation comes in the wake of a cyber incident that led CBP to "immediately disable" the TeleMessage app as a precaution, according to spokesperson Rhonda Lawson.
The issue gained further visibility after a photograph surfaced showing former national security advisor Mike Waltz using TeleMessage Signal during a cabinet meeting, indicating he was in communication with high-ranking officials, including Vice President JD Vance and Director of National Intelligence Tulsi Gabbard. Since the image was made public, TeleMessage has reportedly experienced a series of security breaches that highlight vulnerabilities within the app. Analysis of its Android code suggested critical flaws in the security design, prompting TeleMessage—a company that was acquired by U.S.-based Smarsh last year—to temporarily suspend its services while investigating.
As the security concerns unfolded, U.S. Senator Ron Wyden expressed alarm in a letter to the Department of Justice, calling for an investigation into TeleMessage. He described the service as a "serious threat to U.S. national security" and pointed out that the company had sold insecure software to multiple federal agencies, including the White House. Despite the growing concerns, there has yet to be a complete list made public of governmental agencies utilizing the app.
It’s noteworthy that TeleMessage’s apps have not cleared the U.S. government’s Federal Risk and Authorization Management Program (FedRAMP), indicating that they are not approved for federal use. The ongoing investigation into TeleMessage’s security incident continues as they engage external cybersecurity experts to address the breach.
