Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Signal, the most secure messaging application widely available, has become an essential resource for journalists, leaks and other people concerned about privacy. But it is not infallible. And its shortcomings and its limits explain precisely why its use of the defense secretary Pete Hegseth and other senior defense officials of the Trump administration has shaken the worlds of national policy and national security.
The application made the headlines after the editor -in -chief of the Atlantic, Jeffrey Goldberg, Posted The Bombshell News That the Trump administration had accidentally added it to a signal group cat this month to discuss military strikes on Houthi targets in Yemen.
At first glance, it might not seem a major problem. Cybersecurity experts largely consider the signal as the main easy -to -use encrypted messaging service, and there has been no public report that it has ever been compromised by pirates.
The signal encryption protocol – The complicated algorithm that blurs the messages as sent, then describes them for recipients – is the basis of some of the most popular messaging applications, including Whatsapp and Imessage. In 2023, The signal began to update Its encryption to approach the hypothetical threat of a quantum computer that could break the less complicated encryption codes.
But the signal cannot protect people, even the members of the cabinet, if they accidentally say to send a message to the bad person, said Mallory Knodel, the founder of the Social Web Foundation, a non -profit organization that helped the social media networks in the Fediverse Implement encryption.
“The signal is as secure as for encrypted messaging from start to finish, but this leak was because they added an unreliable party to the cat,” she told NBC News Over Signal.
According to the Atlantic article, Goldberg was added to a group group cat who included sensitive national security discussions between Hegseth, vice-president JD Vance, national intelligence director Tulli Gabbard and national security advisor Mike Waltz. Goldberg described the pursuit of discussions for six days before retiring, while the rest of the group seemed to ignore that it was in the cat.
Goldberg has chosen not to publish what seemed to be very sensitive and classified information, including the name of a high high -ranking CIA official included in the cat and some specific details on the military operation.
A signal spokesperson refused to comment.
Discussing sensitive military issues on smartphones group cats is far outside the normal protocol, regardless of messaging application. Military coordination is generally carried out on one of the two government systems: a more systematic system called the network of secret internet protocol routers, or SIPRNET, for communications deemed secrets, and one called the joint global intelligence communication system, or JWIC, for top secrets. The two networks work as isolated communication systems not connected to the larger internet, making them less vulnerable to hacks and attacks.
The signal uses end-to-end encryption, which is designed for a specific threat: that someone, perhaps a government or a law enforcement agent, could intercept a message when it moves between the phone from one person to another.
End -to -end encryption rushes into the transit so that the receivers of this information cannot get it unless they have a specific code.
The application is not based on a single code to describe information; Instead, he creates a new code for each account. Even if Signal receives an order from the court to decipher a user’s message, he could not comply.
When hackers say that the United States says they work for Chinese intelligence has burst into telecommunications companies In the world of last year, including American companies AT&T and Verizon, they had access to conventional SMS on certain accounts. Which led to remarkable warning In December, some federal officials, including the FBI, that Americans should use encrypted messaging applications if they wanted to remain private.
But this is where signal usefulness – or any encrypted messaging application – ends.
It is not because the signal protects the messages in transit that it protects its users From other types of foul. A person who has full access to the telephone with a person, either remotely with sophisticated hacking software, or by physically acquiring it, can simply read a deciphered signal message.
It is the root of the concern of the commercial industry of spy software, in which companies rent powerful malicious software, like Pegasus, which hacates whole phones. While companies that offer this technology often say to rent it to governments only for national security uses, researchers have long documented These authoritarian regimes use technology to spy on activists, journalists and political opponents.
Although these spy software is not widely deployed against most people, senior government officials are among the greatest objectives for governments and intelligence agencies in espionage.
Last year, for exampleA Chinese hacking campaign targeted Donald Trump, Vance and the President of the time, Kamala Harris.
“The signal protects against external snops that listen to your private conversations,” News Riana Pfefferkorn, an expert in encryption policy at Stanford University, told NBC.
“It does not protect against the risk of access to foreigners to the device where you use the application. If a phone has been hacked and has been located in spy software, then your messages and other files on the device could be read without your knowledge,” she said.
A service note sent to staff members of the Ministry of Defense warned last week of using the signal, citing a Google report last month The fact that Russian intelligence has more and more attempted to encourage Ukrainian signal users to share personal information or give spies access to their signal accounts.
The signal offers a feature by which users can synchronize their accounts with other devices, such as second phones or laptops. A method that Google said that Russian intelligence services have deployed is to systematically try to encourage Ukrainians to synchronize their signal accounts with Kremlin controlled phones.
The report has not mentioned any example of compromise of signals.
