Hackers Target TeleMessage, Signal Clone App with Sensitive Data Exploit
Security researchers and a U.S. government agency are warning that hackers are targeting the Signal clone app TeleMessage in an effort to steal users' private data. The company, which markets modified versions of Signal, WhatsApp, and Telegram for corporations and government agencies, has already experienced at least one data breach in May.
TeleMessage gained notoriety earlier this year after high-ranking officials in the Trump administration were revealed to be using the app. In May, the company was hacked, with unknown attackers stealing the contents of users' private messages and group chats, including from Customs and Border Protection, and the cryptocurrency giant Coinbase.
GreyNoise, a cybersecurity firm with visibility into what hackers are doing on the internet thanks to its network of sensors, has published a post warning that it has seen several attempts to exploit a flaw in TeleMessage. The flaw, officially designated CVE-2025-48927, was originally disclosed in May.
"I was left in disbelief at the simplicity of this exploit," said GreyNoise researcher Howdy Fisher in a post analyzing the flaw. "After some digging, I found that many devices are still open and vulnerable to this." According to the researcher, exploiting this flaw is "trivial," and it seems that hackers have taken notice.
The U.S. cybersecurity agency CISA has added the flaw to its catalog of Known Exploited Vulnerabilities, a database that collects security bugs that are known to have been exploited by hackers. In other words, CISA says hackers are successfully exploiting this bug.
At this point, however, no hacks against TeleMessage customers have been publicly reported. But the warning from GreyNoise and CISA highlights the potential risks for users of the app.
To contact us with more information about these attacks or TeleMessage, please reach out via Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. We'd love to hear from you.
The Flaw: A Simple yet Devastating Exploit
The flaw in TeleMessage is a vulnerability that allows hackers to access "plaintext usernames, passwords, and other sensitive data."
GreyNoise researcher Howdy Fisher analyzed the flaw and discovered that many devices are still open and vulnerable to the exploit.
The Risks: What Can Happen if Hackers Succeed
If hackers are able to exploit the vulnerability against their targets, they could access sensitive data, including plaintext usernames, passwords, and other personal information.
According to Fisher, exploiting this flaw is "trivial," but the outcome is devastating for users of TeleMessage. The potential risks are significant, and it's essential that users take steps to protect themselves.
The Importance of Security Awareness
The incident highlights the importance of security awareness and the need for companies like TeleMessage to prioritize user security.
The warning from GreyNoise and CISA serves as a reminder that security is not just about technology, but also about human behavior and awareness.
What Can You Do?
To protect yourself from potential attacks, it's essential to stay informed and take steps to secure your device and data.
Stay vigilant, stay informed, and take steps to protect yourself from potential attacks.