The signal, the most safely available messaging application has become a reference resource for journalists, leaks and other people concerned with privacy. But it is not infallible. And their deficiencies and limitations are precisely why their use of the Secretary of Defense Pete Hegseth and other defense officials of the Trump’s High Administration have shaken the worlds of national policy and security.
The application arrived at the headlines on Monday after the editor in chief of Atlantic, Jeffrey Goldberg, published Bombshell’s news that the Trump administration had accidentally added a signal group chat this month to discuss military attacks on HutÃes objectives in Yemen.
At first glance, it might not seem like an important problem. Cybersecurity experts consider that Signal is the main encryption messaging service easy to use, and there are no public reports that computer pirates have compromised.
The signal encryption protocol, the complicated algorithm that stir the messages as they are sent, then described for the recipients, is the basis of some of the most popular messaging applications, including WhatsApp and Imessage. In 2023, Signal began updating his encryption to address the hypothetical threat of a quantum computer that could break the less complicated encryption codes.
But Signal cannot protect people, even the members of the cabinet, if they accidentally tell him to send a message to the wrong person, said Mallory Knodel, founder of Social Web Foundation, a non -profit organization that has helped the social networks of social networks in Fediverse’s encryption.
“The signal is as safe as it becomes for encrypted messages from end to extreme, but this filtration was because they added an unreliable party to the chat,” News on Signal told NBC.
According to Atlantic’s article, Goldberg apparently added to a group of signals that included sensitive national security discussions between Hegesh, vice president JD Vance, National Intelligence Director Tulsi Gabbard and National Security Advisor Mike Waltz. Goldberg described the discussions that continued for six days before he retired, all while the rest of the group seemed not to know that he was in the chat.
Goldberg decided not to publish what seemed to be highly sensitive and classified information, including the name of a high -ranking CIA official included in the chat and some specific details about the military operation.
A signal spokesman declined to comment.
Discussing delicate military issues about group intelligent telephone chats is far from the normal protocol, regardless of messaging application. Military coordination is generally carried out in one of the two government systems: a routinely used system called Secret Internet Protocol Router Network, or SIPRNET, for communications that are considered secret, and one called a joint system of intelligence communications worldwide, or JWics, for the best secret. Both networks operate as isolated communications systems that are not connected to the largest internet, which makes them less vulnerable to pirates and attacks.
The signal uses end -to -end encryption, which is designed for a specific threat: that someone, perhaps a government or agent of the law, can intercept a message while traveling between the phone from one person to the other.
End -to -end encryption reviews the information in transit so that the receptors of that information cannot decipher it unless they have a specific code.
The application does not trust a single code to decipher information; Instead, create a new code for each account. Even if Signal receives a court order to decipher a user’s message, he could not comply.
When the computer pirates that the United States say they work for Chinese intelligence broke into telecommunications companies around the world last year, including US companies AT&T and Verizon, they obtained access to conventional SMS text messages in some accounts. That led to the remarkable warning in December of some federal officials, including the FBI, that Americans should use encrypted messaging applications if they wanted to stay private.
But that is where the signal utility ends, or any encrypted messaging application.
The fact that the signal protects traffic messages does not mean that you protect Its users of other types of thorny. A person who obtains full access to the unlocked phone from a person, whether remotely with sophisticated piracy software or acquiring it physically, can simply read a deciphered signal message.
That is the root of the concern of the spyware shopping industry, in which companies rent a powerful malicious software, such as Pegasus, which pirates whole phones. While companies that offer this technology often say they rent it to governments only for national security uses, researchers have long documented that authoritarian regimes use technology to spy activists, journalists and political opponents.
While this Spyware is not widely deployed against most people, senior government officials are some of the most important objectives for governments and intelligence agencies involved in espionage.
Last year, for example, a Chinese piracy campaign pointed to Donald Trump, Vance and then Vice President Kamala Harris.
“The signal protects against external Snoops listening to its private conversations,” Riana Pfefferkorn, an expert in encryption policy at Stanford University, told NBC.
“It does not protect against the risk that strangers access the device where the application is using. If a phone has been pirate and Spyware has been implemented, then its messages and other files on the device could be being read without their knowledge,” he said.
A note sent to the staff members of the Defense Department last week warned about the use of Signal, citing a Google report last month that Russian intelligence has increasingly tried to deceive users of the Ukrainian signal to share personal information or give spies access to their signal accounts.
Signal offers a feature by which users can synchronize their accounts with other devices, such as second phones or laptops. A method that Google said that Russian intelligence services have implemented is to systematically try to deceive Ukrainians to synchronize their signal accounts with phones controlled by the Kremlin.
The report did not quote examples of compromised signals.
