Sending Private Messages vs. Protecting Classified Info: When Signal Isn't Enough
Intensified Complications for Signal in the United States' Area
If you're looking for a reliable app for sending personal messages, Signal is a solid choice. But for sensitive government discussions? You might want to reconsider.
Last month, a shocking incident dubbed "Signalgate" occurred when it was revealed that US National Security Advisor Mike Waltz was discussing highly classified war plans on Signal group chats. Waltz was later fired and then nominated to be the U.S.'s U.N. ambassador (...yeah, the politics are bonkers).
The Signal Strategy Unravels
The administration's reliance on Signal for top-secret conversations certainly came under scrutiny after the accidental leak. The problem didn't stop there, though. On Thursday, photos emerged, and tech blog 404 Media zeroed in on Waltz's iPhone during the White House cabinet meeting. They spotted what seemed to be an ongoing conversation with government officials like Tulsi Gabbard (Director of National Intelligence), Marco Rubio (Secretary of State), and JD Vance (Vice President), featuring a non-standard Signal PIN verification message.
Upon closer inspection, this message read "TM SGNL PIN," which was actually a thread belonging to TeleMessage, a Signal "clone" that advertises as a way to archive Signal messages securely. Although the app claims it preserves the original app's secure messaging system, 404 Media points out that it boasts numerous security vulnerabilities.
Breach Exposure: Leaked Government Conversations
A drama of epic proportions unfolded when, on Sunday, 404 Media reported that a hacker had broken into TeleMessage's networks and made off with customer data. While the hacker didn't steal everything, they did snag some Direct Messages (DMs) and group chats, along with data from modified versions of other popular chat apps like WhatsApp, Telegram, and WeChat, all within a 15-20 minute hacking spree. The hacker didn't access Waltz's chats or those of any cabinet members, but they did obtain government officials' names, contact information, login credentials for TeleMessage's backend panel, and information pointing to which agencies might opt for the insecure messaging service.
Some of the stolen messages shed light on ongoing efforts to rally support for a cryptocurrency bill. One text read, "Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) didn't sign the opposition letter so they think the bill still has a good chance of passage in the Senate with 5 more Ds supporting it." The breach didn't expose classified information, but it did reveal conversations that the senders likely wouldn't have wanted in the public eye.
Why Is TeleMessage Insecure?
To grasp why TeleMessage is not a suitable option for classified communication, it's essential to understand what makes Signal secure. Signal chats are end-to-end encrypted, ensuring that the conversation is accessible only by the communicating parties. This encryption means that intercepted messages appear as jumbled code to unauthorized users.
TeleMessage breaks this security chain. To archive messages, it must first intercept the plain-text messages and store them, compromising the encryption process. Although the company claims it handles this securely, the recent hack demonstrates that end-to-end encryption is not foolproof. The information was stolen from data captured for "debugging purposes," an unintentional leak in TeleMessage's security chains.
Even before the hack, 404 Media questioned the service's security. They criticized the company for storing "end-to-end encrypted" messages in Gmail, a platform notorious for lacking end-to-end encryption. The outlet also raised concerns about the privacy and security of unofficial versions of Signal's app.
Signal: Personal Privacy, Not Classified Comms
All in all, Signal (and encrypted messaging apps like it) is an awesome tool for personal privacy concerns. Your messages will be safe from prying eyes unless someone gets physical access to your device.
However, there are still vulnerabilities in digital communication, and encryption isn't the only issue at hand. Hackers can exploit weaknesses such as using malware-like Pegasus-to burrow into targets' devices and access sensitive information, including encrypted data.
Apple frequently warns users of such threats, and Mike Waltz is no exception. Mike Casey, former Director of National Counterintelligence and Center, believes there's a "zero percent chance that someone hasn't tried to install Pegasus or some other spyware on [Mike Waltz's] phone...he is one of the top five, probably, most targeted people in the world for espionage."
But it's not just personal devices you need to worry about. If the other person in the conversation's device is compromised, it doesn't matter how secure your device is-your messages are at risk. In group chats, the security implications multiply.
While Signal is an excellent choice for personal communications, when it comes to classified information, it's best to stick with SCIFs (Secure Compartmented Information Facilities) to ensure top-notch security and privacy.
- The administration's use of Signal for top-secret discussions has come under scrutiny, especially after the revelation of Mike Waltz discussion of highly classified war plans on the app.
- The use of TeleMessage, a Signal "clone," for archiving Signal messages raises security concerns, as the app reportedly contains numerous security vulnerabilities and had recently experienced a hack, exposing customer data.
- The hack of TeleMessage's networks revealed conversations that likely wouldn't have been desired in the public eye, such as ongoing efforts to rally support for a cryptocurrency bill.
- Signal chats are end-to-end encrypted, ensuring the conversation is accessible only by the communicating parties, but TeleMessage breaks this security chain by intercepting and storing messages for archiving, compromising the encryption process.
- Mike Waltz's iPhone was spotted during a White House cabinet meeting with what seemed to be an ongoing conversation with government officials, featuring a non-standard Signal PIN verification message that could indicate use of TeleMessage.
- Classified information should be protected using Secure Compartmented Information Facilities (SCIFs) to ensure top-notch security and privacy, rather than relying on encrypted messaging apps like Signal.
