As it turns out, including a reporter in your national security leader group chat about military strikes isn't the only way to compromise sensitive information on Signal. NPR reported on Tuesday that, days after the Trump administration's preposterous and dangerous national security fumble, the Pentagon issued a warning against using the messaging app due to a phishing vulnerability.
"A vulnerability has been identified in the Signal messenger application," a department-wide email obtained by NPR reads. "Russian professional hacking groups are employing [Signal's] 'linked devices' features to spy on encrypted conversations." The publication says the memo states that Russian hacking groups are "targeting Signal Messenger to spy on persons of interest."
A Signal spokesperson told NPR that the memo wasn't about Signal's security but about phishing attacks on the platform. So, if you're using the app, be especially mindful of attempts to trick you into linking devices to your account. Or simply communicate through different channels.
The Pentagon directive follows a scandal that, at least in previous eras, would have ended the careers of a long list of high-profile officials. (In this one… who knows?) The Atlantic editor-in-chief Jeffrey Goldberg reported on Monday that a group of Trump administration national security officials inadvertently included him in a Signal group chat discussing military strikes in Yemen.
The chat included Defense Secretary Pete Hegseth, Vice President JD Vance, National Security Adviser Michael Waltz, Secretary of State Marco Rubio, Intelligence Director Tulsi Gabbard, CIA Director John Ratcliffe and Deputy White House Chief of Staff Stephen Miller, among others. They — with Goldberg essentially CC'd — discussed the timing, targets and weapons involved in bombing Houthi sites in Yemen.
A 2023 Department of Defense memo prohibited using mobile apps for even "controlled unclassified information." NPR notes that military planning is many degrees more sensitive than that.
The entire Atlantic article is worth a read, but a few gems from the chat include Hegseth's writing, "I fully share your loathing of European free-loading. It's PATHETIC." And, "Nobody knows who the Houthis are — which is why we would need to stay focused on: 1) Biden failed & 2) Iran funded."
Adding to the "It would be hilarious if it weren't so dangerous" nature of the fiasco, Hegseth went on camera to deny the chat's authenticity after the White House confirmed it.
Although the fallout is still taking shape, here's an early taste. Watch below as retired US Navy captain and current US Senator Mark Kelly grills Gabbard and Ratcliffe on Capitol Hill on Tuesday.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-pentagon-warns-government-officials-that-signal-is-being-targeted-by-russian-hackers-203436757.html?src=rss