Top Trump administration officials used the messaging app Signal to share war plans and accidentally included The Atlantic magazine’s Editor-in-Chief Jeffrey Goldberg in the encrypted group chat. Goldberg published a first-hand account on Monday detailing a discussion that happened over the app, hours before strikes on Iran-backed Houthi rebels in Yemen ordered by President Donald Trump.
Signal is an app that can be used for direct messaging, group chats, and phone and video calls. As the app uses end-to-end encryption for its messaging and calling services, a third party cannot view conversation content or listen in on calls.
“In other words, messages and calls sent on Signal are scrambled and only the sender and recipient at each end will have the key to decipher them,” according to an explainer by The Associated Press.
Signal also does minimal data collection and includes a feature that allows for automated message deletion within a certain time frame, adding another layer of data protection.
Moreover, Signal’s encryption protocol is open source, meaning experts can verify how it works and ensure it remains safe.
Can Signal be hacked?
According to experts, Signal is much more secure than conventional texting. However, the app can still be hacked. For instance, in February, Mandiant, a Google-owned security firm, reported that Russian-linked spies tried to hack into the Signal accounts of Ukrainian military officials by posing as trusted Signal contacts.
Jacob Williams, a former hacker at the US National Security Agency (NSA), told Politico that one of the biggest risks of using Signal is where the data can be stored.
Story continues below this ad
“People can link Signal messaging to a desktop application,” he said.
“This means that Signal data is being delivered to potentially multiple desktop and laptop computers where it is not being stored in a phone’s secure enclave. That data is then at risk from commodity malware on the system.”
This is one of the reasons why Signal is not “accredited for classified data”, according to Williams.
During the Joe Biden administration, officials most commonly used the app to notify someone that they should check for a classified message sent through other means, a government official told The AP.
Story continues below this ad
Ideally, sensitive information, including top secret military plans, should have be relayed in a secure compartmented information facility (SCIF), which can be a secure room or a data centre that guards against electronic surveillance and suppresses data leakage.
Who uses Signal in the US government?
Signal has gained popularity in recent months in Washington, particularly after it was revealed last December that Chinese state-sponsored hackers had infiltrated US telecommunications networks and stolen a large cache of Americans’ cell phone records. The hackers had also allegedly spied on the conversations of senior US political leaders, including Trump and Vice President J D Vance.
According to a recent review by The AP, state, local and federal officials in nearly every US state have accounts on encrypted messaging apps such as Signal. The review also found that “many of those accounts were registered to government cell phone numbers. Some were also registered to personal numbers.”