US: TeleMessage Stores Plain Text Messages from Custom Signal Variant
By Netvora Tech News
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that TeleMessage, a company that offers customized versions of popular chat apps like Signal, WhatsApp, Telegram, and WeChat, is storing plain text messages from its users. This is done through its custom Signal variant, known as TM SGNL, which is nearly identical to the original Signal app, except that it archives a copy of every message at a customer-specified destination.
Unsecured Communication Channel
According to security researcher Micah Lee, the communication between the TeleMessage Signal variant and the archiving server is not end-to-end encrypted, despite documentation to the contrary. This means that plaintext, unencrypted versions of the messages are transmitted. The archiving server then sends these messages to their final destination. "After TM SGNL decrypts the messages, it sends plaintext chat logs to TeleMessage's archiving server," Lee explained. "At that point, many people can access the chat logs."
Potential Security Risks
Lee also discovered that the archiving server was hosted in Amazon's public cloud, which is not an approved location for storing classified information. This means that malicious Amazon employees or outsiders could potentially access the chat logs. Furthermore, the server was open to anyone who sent HTTP requests to it, allowing them to try to obtain chat logs as a response.
Security Vulnerability
The security vulnerability, identified as CVE-2025-47729, was dubbed a "hidden functionality" by TeleMessage. According to the company, its backend stores messages from TM SGNL users, which is "other functionality" than what is described in its documentation. CISA has confirmed that the vulnerability is being actively exploited and advises against using the product until a solution is available.