Tension and anxiety brought on by the Signal attack... the Pentagon issues a warning about the extremely secure messaging app
Even for unclassified information, the US Department of Defense has issued an institutional warning against using the Signal messaging app. This warning comes days after senior national security officials accidentally included a journalist in a Signal conversation discussing bombing Houthi positions in Yemen. The leak exposed security vulnerabilities in official US government communications, not in the app itself. However, it is true that Russian hackers have been attacking Signal for months.
According to NPR , an internal Pentagon memo, dated March 18 and obtained by the source, warns of a "security vulnerability identified in the Signal messaging app." The document indicates that professional Russian hacking groups are using "connected device" features to spy on encrypted conversations and that Google has identified Russian hacking groups poised to attack the messaging app.
The incident occurred when Defense Secretary Pete Hegseth and other senior national security officials used the Signal app to discuss military operations against the Houthis. Jeffrey Goldberg, editor-in-chief of The Atlantic, was inadvertently added to the group and had access to these highly sensitive discussions.
A previous Defense Department memo from 2023, also obtained by NPR, already prohibited the use of mobile apps even for "unclassified, controlled information," which is far less important than information related to ongoing military operations. This new ruling sets a virtually nonexistent precedent for heads of defense, state, intelligence, and national security sharing such sensitive military information where it shouldn't be. It's not that Signal isn't secure, but there are some very dangerous ways to access it.
For his part, Signal spokesperson John Horada explained that the Pentagon memo does not question the app's security level, but rather warns users of so-called "phishing attacks." Once we learned that Signal users were being targeted and how they were targeted, we introduced additional security measures and in-app warnings to help protect users from falling victim to phishing attacks.