Summary
The Pentagon warned employees against using the encrypted messaging app Signal due to a potential vulnerability exploited by Russian hackers.
The warning came just before a security breach where top Trump administration officials, including the vice president and defense secretary, accidentally added a journalist to a Signal group chat discussing military strikes in Yemen.
The leak sparked outrage and criticism, though Trump downplayed it as a “glitch.”
Signal stated it was unaware of any unaddressed vulnerabilities.
So the vulnerability is that people at the pentagon fall for phishing scams. How is this a signal vulnerability? Seems like the memo is dumbed down to scare pentagon employees away from signal
It’s not a Signal problem, this is just bad journalism.
Signal also did an update one month ago to help mitigate phishing https://www.wired.com/story/russia-signal-qr-code-phishing-attack/
To be clear though, phishing was Not the problem in this case. Incompetence was the problem.
It depends on the context. If the pentagon has a chat app that only has authorized people with verified identities and using official devices in it, then using Signal introduces an attack vector that was not there before.
I mean, there are potential ways for Signal to minimize the ability for phishing but that would impede on functions which may be more valuable to users than shrinking the risk of phishing by 10%.