Do Son 
The United States Customs and Border Protection (CBP) has officially acknowledged its use of the TeleMessage application—a clone of popular encrypted messengers like Signal and WhatsApp, enhanced with message archiving capabilities. However, following reports of a security breach and the discovery of critical vulnerabilities, the company ceased operation of its services, and CBP announced it had suspended the application’s use “as a precautionary measure.”
TeleMessage develops communication tools that closely mimic the appearance and functionality of mainstream messaging apps while adding backend features for message retention in compliance with data preservation regulations. According to CBP, the application was immediately deactivated upon discovery of the cyber incident, and an internal investigation remains ongoing. Interest in the system was sparked by a recent photograph showing former National Security Advisor to President Donald Trump, Mike Waltz, using TeleMessage Signal during a cabinet meeting. The image reveals him engaged in a conversation with Vice President J.D. Vance, Director of National Intelligence Tulsi Gabbard, and, reportedly, Secretary of State Marco Rubio.
Shortly after the photo’s publication, a series of data leaks involving TeleMessage came to light. A forensic analysis of the Android version of the application uncovered fundamental flaws in its security architecture. In response, the company suspended its services and stated that it had engaged an external team of experts to conduct a thorough investigation. TeleMessage, an Israeli firm, was acquired last year by the American company Smarsh, which has since emphasized that its other products remain unaffected and fully operational.
Media inquiries to CBP followed the discovery of evidence suggesting the agency’s use of TeleMessage in one of the leaked databases. It was also revealed that TeleMessage had been supplying its solutions to several federal agencies, despite the fact that its consumer-facing applications lacked certification under FedRAMP—the U.S. government’s official risk assessment program for cloud services.
Senator Ron Wyden has submitted a formal request to the U.S. Department of Justice, calling for an investigation into TeleMessage. In his letter, Wyden asserted that the company poses a significant national security threat, having marketed inherently insecure software to the presidential administration and other government entities.
The full list of federal departments utilizing TeleMessage has yet to be disclosed. Meanwhile, the fate of archived conversations and the scope of potentially compromised communications remains uncertain.
It is worth noting that CBP has also announced plans to implement a new facial recognition system capable of capturing images of all vehicle occupants entering the country—regardless of their location within the vehicle.
