WASHINGTON, D.C . – Just days before a reporter was accidentally included in a Signal group chat with top security leaders about an attack on Yemen rebels, NPR claims the Pentagon sent a mass advisory warning against using the Signal app, even for unclassified information. We reached out to the Defense Department to authenticate the memo, but did not get a response.
According to NPR, a Pentagon-wide memo was sent out airing the concerns about using the Signal app claiming Russian hacking groups are using features to spy on encrypted conversations. The memo adds the hacking groups embed malicious QR codes in phishing pages or conceal them in group invite links, which helps them gain access via the malicious code, allowing them to view every message sent by the unwitting user in real time, bypassing the end-to-end encryption.
The memo also said third party messaging apps like Signal are permitted by policy for unclassified accountability/recall exercises but are not approved to process or store nonpublic unclassified information.
“Whatsapp has been cracked by the likes of China or Russia, whereas Signal is less common to hear about these things,” said Gregory Falco, assistant professor at Cornell University. “While encryption is a really useful tool and it is powerful, there aren’t that many ways cracking these things.”
Falco said the weakness is the phone.
“Let’s say there’s malware on your phone; that malware could read what’s going on in that encrypted app and that’s kind of where the risk is showing up,” said Falco. “Using these encrypted messaging systems- it’s not because the encryption is crackable necessarily. It’s because your phone might be compromised.”
While it’s not uncommon for government employees to use apps like Signal, Democrats are concerned over the use of the app discussing highly sensitive information.
“If someone intercepted off something on an unclassified phone which happens all the time and given it to the Houthis, to the Iranian sponsors, they would’ve had the time of the attack and the method of the attack and could try and thwart it,” said Sen. Elissa Slotkin (D- MI). “If anyone was to intercept this, God forbid, our sailors, our airmen, our US forces generally involved in this operation would’ve been at risk.”
