Signal, the most secure widely available messaging app, has become a go-to resource for journalists, leakers and other people concerned about privacy. But it’s not infallible. And its shortcomings and limitations are precisely why its use by Defense Secretary Pete Hegseth and other top Trump administration defense officials has rocked the worlds of politics and national security.
The app made headlines Monday after Atlantic editor-in-chief Jeffrey Goldberg published the bombshell news that the Trump administration had accidentally added him to a Signal group chat this month to discuss military strikes on Houthi targets in Yemen.
At first glance, it might not seem a major problem. Cybersecurity experts widely consider Signal to be the leading easy-to-use encrypted messaging service, and there are no public reports of its ever having been compromised by hackers.
Signal’s encryption protocol — the complicated algorithm that scrambles messages as they’re sent, then descrambles them for recipients — is the basis for some of the most popular messaging apps, including WhatsApp and iMessage. In 2023, Signal began updating its encryption to address the hypothetical threat of a quantum computer that could break less complicated encryption codes.
But Signal can’t protect people, even Cabinet members, if they accidentally tell it to message the wrong person, said Mallory Knodel, the founder of the Social Web Foundation, a nonprofit organization that has helped social media networks in the fediverse implement encryption.
“Signal is as secure as it gets for end-to-end encrypted messaging, but this leak was because they added an untrusted party to the chat,” she told NBC News over Signal.
According to the Atlantic article, Goldberg was seemingly added to a Signal group chat that included sensitive national security discussions among Hegseth, Vice President JD Vance, National Intelligence Director Tulsi Gabbard and national security adviser Mike Waltz. Goldberg described the discussions as continuing for six days before he removed himself, all while the rest of the group appeared to be unaware that he was in the chat.
Goldberg chose not to publish what appeared to be highly sensitive, classified information, including the name of a high-ranking CIA official included in the chat and some specific details about the military operation.
A Signal spokesperson declined to comment.
Discussing sensitive military matters over smartphone group chats is far outside normal protocol, regardless of the messaging app. Military coordination is usually done over one of two government systems: a more routinely used system called the Secret Internet Protocol Router Network, or SIPRNet, for communications deemed to be secret, and one called the Joint Worldwide Intelligence Communications System, or JWICS, for top-secret ones. Both networks operate as isolated communications systems not connected to the larger internet, making them less vulnerable to hacks and attacks.
Signal uses end-to-end encryption, which is designed for a specific threat: that someone, perhaps a government or law enforcement officer, might intercept a message as it travels from one person’s phone to another’s.
End-to-end encryption scrambles information in transit so that receivers of that information can’t unscramble it unless they have a specific code.
The app doesn’t rely on a single code to descramble information; instead, it creates a new code for every account. Even if Signal received a court order to decrypt a user’s message, it wouldn’t be able to comply.
When hackers who the United States says work for Chinese intelligence broke into telecommunications companies around the world last year, including the American companies AT&T and Verizon, they got access to conventional SMS text messages on some accounts. That led to the remarkable warning in December from some federal officials, including the FBI, that Americans should use encrypted messaging apps if they wanted to stay private.
But that’s where the usefulness of Signal — or of any encrypted messaging app — ends.
Just because Signal protects messages in transit doesn’t mean it protects its users from other types of snooping. Someone who gains full access to another person’s unlocked phone, either remotely with sophisticated hacking software or by physically acquiring it, can simply read a decrypted Signal message.
That’s the root of the concern about the commercial spyware industry, in which companies lease powerful malicious software, like Pegasus, that hacks entire phones. While companies that offer that technology often say they lease it to governments only for national security uses, researchers have long documented that authoritarian regimes use the technology to spy on activists, journalists and political opponents.
While such spyware isn’t widely deployed against most people, top government officials are some of the biggest targets for governments and intelligence agencies engaged in espionage.
Last year, for example, a Chinese hacking campaign targeted the phones of Donald Trump, Vance and then-Vice President Kamala Harris.
“Signal protects against outside snoops listening in on your private conversations,” Riana Pfefferkorn, an encryption policy expert at Stanford University, told NBC News.
“It doesn’t protect against the risk of outsiders accessing the device where you’re using the app. If a phone has been hacked and has spyware implanted on it, then your messages and other files on the device could be getting read without your knowledge,” she said.
A memo sent to Defense Department staff members last week warned about using Signal, citing a Google report last month that Russian intelligence has increasingly tried to trick Ukrainian Signal users into sharing personal information or giving the spies access to their Signal accounts.
Signal offers a feature whereby users can sync their accounts with other devices, like second phones or laptops. One method that Google said Russian intelligence services have deployed is to systematically try to trick Ukrainians into syncing their Signal accounts with phones controlled by the Kremlin.
The report cited no examples of Signal’s being compromised.