Signal is a publicly available app that provides encrypted communications, but it can be hacked. It is not approved for carrying classified information. On March 14, one day before the strikes, the Defense Department cautioned personnel about the vulnerability of Signal, specifically that Russia was attempting to hack the app, according to a U.S. official who was not authorized to discuss the matter publicly and spoke on the condition of anonymity.
One known vulnerability is that a malicious actor, with access to a person’s phone, can link his or her device to the user’s Signal and essentially monitor messages remotely in real time.
This reads to me like Signal has weaknesses. Also, just so everyone is aware:
The Signal Technology Foundation, commonly known as the Signal Foundation, is an American Non-profit organization founded in 2018 by Moxie Marlinspike and Brian Acton. Its mission is to “protect free expression and enable Secure communication through Open source Digital privacy”. Its subsidiary, Signal Messenger LLC, is responsible for the development of the Signal messaging app and the Signal Protocol.
Signal is an open-source, encrypted messaging service for instant messaging , voice calls, and video calls . The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.
Calling it a “vulnerability” that someone with full access to an authorized device can use it to authorize another device is crazy. That’s not Signal’s issue, that’s an issue with your device security. The app has to trust the logged in user; if it doesn’t, then even displaying the data could be a breach.
This reads to me like Signal has weaknesses. Also, just so everyone is aware:
The Signal Technology Foundation, commonly known as the Signal Foundation, is an American Non-profit organization founded in 2018 by Moxie Marlinspike and Brian Acton. Its mission is to “protect free expression and enable Secure communication through Open source Digital privacy”. Its subsidiary, Signal Messenger LLC, is responsible for the development of the Signal messaging app and the Signal Protocol.
Signal is an open-source, encrypted messaging service for instant messaging , voice calls, and video calls . The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.
Calling it a “vulnerability” that someone with full access to an authorized device can use it to authorize another device is crazy. That’s not Signal’s issue, that’s an issue with your device security. The app has to trust the logged in user; if it doesn’t, then even displaying the data could be a breach.