Russian hackers are reportedly infiltrating Signal group chats, taking advantage of a vulnerability within the messaging app’s “linked devices” feature, according to a Pentagon memo obtained by NPR. The memo, dated March 18, came just days after the U.S. bombed Yemen and five days after an incident in which senior Trump administration officials accidentally included a journalist in a Signal chat about the military operation.
Signal’s “Linked Devices” Vulnerability
The vulnerability is tied to Signal’s “linked devices” feature, which allows users to access their Signal accounts on multiple devices. Hackers are allegedly exploiting this feature by adding Signal accounts to their own devices, thus enabling them to eavesdrop on encrypted conversations. According to the memo, this flaw allows attackers to view every message sent by the user in real-time, undermining the app’s otherwise robust encryption.
The memo also provides steps for users to safeguard their Signal app, reinforcing the government’s policy that Signal can only be used for unclassified discussions. It is specifically not approved for handling nonpublic unclassified information, and all usage must comply with Department of Defense (DoD) and National Security Agency (NSA) policies.
Earlier in February, Google’s Threat Intelligence Group issued warnings about vulnerabilities in Signal. Google outlined how threat actors are exploiting this weakness by crafting malicious QR codes. When scanned by a victim, these codes link the victim’s Signal account to an attacker-controlled instance, allowing the hacker to receive real-time updates on conversations.
Google also predicts an increase in Signal breaches, particularly related to the ongoing war in Ukraine and other conflict zones. Similar attacks are also reportedly targeting other popular encrypted messaging apps like WhatsApp and Telegram.
Signal Responds to Pentagon Memo
In response, Signal stated that the Pentagon memo was misleading, clarifying that the so-called “vulnerability” was not related to Signal’s core technology but rather to phishing attacks targeting users. The company emphasized that phishing attacks are a constant threat for popular platforms and clarified that Signal had introduced new user flows and in-app warnings to help protect users from falling victim to such scams.
As for the incident involving the Signal chat among Trump officials, Secretary of Defense Pete Hegseth denied that any sensitive war plans were discussed in the chat. Typically, these types of conversations take place in highly secure facilities known as Sensitive Compartmented Information Facilities (SCIF), which are designed to protect national security information.
CIA Director John Ratcliffe and Director of National Intelligence Tulsi Gabbard, both of whom were participants in the Signal chat, also claimed they did not discuss classified information. Despite this, Democratic senators are pushing for the full transcript of the chat to be released to the committee. Senate Intelligence Ranking Member Mark Warner called for transparency, stating, “If there was no classified material, share it with the committee. These are important jobs. This is our national security.
Author’s Opinion
This situation should serve as a stark reminder of the importance of using secure channels for handling sensitive information. While Signal’s encryption technology is robust, the vulnerabilities introduced by user mistakes—whether due to phishing or linked device flaws—undermine the app’s security. It’s clear that discussions involving national security should never take place on platforms that are susceptible to such breaches. If government officials are going to continue using apps like Signal, stricter policies and guidelines need to be implemented to ensure that such mistakes are prevented in the future.
