Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

TeleMessage Archiving Backend Plaintext Message Access Vulnerability

Vulnerability

A vulnerability exists in the TeleMessage archiving backend, which, through May 5, 2025, stored cleartext copies of messages from users of the TM SGNL (Archive Signal) app. This behavior contradicts TeleMessage's advertised end-to-end encryption from mobile devices to corporate archives. The issue was exploited in the wild, leading to unauthorized access to sensitive communications, including those related to U.S. Customs and Border Protection and financial institutions.

Impact

The vulnerability allows TeleMessage to access unencrypted chat logs from its customers, including sensitive government communications.

Reproduction

The vulnerability can be reproduced by using the TeleMessage Signal archiving app, which is available through a mobile device management service tied to Apple or Google enterprise accounts. Once the app is installed and linked to a Signal account, it can archive messages without proper encryption, potentially exposing them to unauthorized access.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 8.1
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.