Urgent warning to Pentagon staff to stop using Signal over fears Russian hackers can infiltrate encrypted chats - days after White House war plans were leaked through messaging app
The Pentagon has issued a memo warning all staff members to stop using Signal, claiming Russian hackers had found a way to infiltrate encrypted conversations on the messaging app.
The Pentagon has issued a memo warning all staff members to stop using Signal, claiming Russian hackers had found a way to infiltrate encrypted conversations on the messaging app.
The OpSec (Operational Security) Special Bulletin, reportedly issued on March 18, came just days after the Trump administration mistakenly leaked war plans to a journalist in a shocking national security blunder.
A vulnerability has been identified in the Signal Messenger Application, the memo, first obtained by NPR, read. Russian professional hacking groups are employing the linked devices features to spy on encrypted conversations.
It went on to explain how hackers had figured out a way to embed malicious QR codes in phishing pages or hide them in group invite links, tricking Signal users into granting access to their accounts.
Once the target had unwittingly granted access to their account, the attackers could link their own devices, allowing them to read every message sent by the unknowing user in real time.
Signal, whose slogan encourages its users to speak freely, has long been championed as a more secure alternative to WhatsApp for people concerned about surveillance and intrusion due to its focus on end-to-end encryption.
But the technique employed by the hackers completely bypassed Signals security protocols as the nefarious actors were able to directly link their devices to their targets account.
The concerning memo arrived in Pentagon inboxes just three days after Jeffery Goldberg, Editor-in-Chief of the Atlantic, was included in a private group chat in which US Vice President JD Vance, Defence Secretary Pete Hegseth and National Security Adviser Mike Waltz discussed Washingtons plans to bomb Houthi rebels in Yemen.
The OpSec (Operational Security) Special Bulletin, reportedly issued on March 18, came just days after the Trump administration mistakenly leaked war plans to a journalist in a shocking national security blunder
US President Donald Trump and Secretary of Defense Pete Hegseth listen during an event in the Oval Office of the White House in Washington, DC, on March 21, 2025
US F/A-18 Super Hornet attack fighter jet taking off from the US Navys Nimitz-class USS Harry S. Truman aircraft carrier at sea on March 16, 2025 - hours after strikes on Houthi targets
National Security Advisor Michael Waltz appears to be the most endangered Trump official after The Atlantics editor-in-chief revealed he had been invited to a group chat to discuss an attack on Houthi rebels
Signal, whose slogan encourages its users to speak freely, has long been championed as a more secure alternative to WhatsApp for people concerned about surveillance and intrusion due to its focus on end-to-end encryption
A Signal spokesman sought to reassure the Pentagon, claiming that the apps security protocols had not been compromised and that developers had introduced increased security measures to protect against further phishing attacks.
He also underscored, however, that individual users were responsible for keeping their messages private.
Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks.
This work was completed months ago, Signal spokesman Jun Harada said.
But the blunder that saw White House officials provide a journalist with war plans has raised questions over why high-ranking individuals were discussing such sensitive topics on the messaging app at all.
Initially, it appeared that the Atlantics Goldberg was added to the private group chat by National Security Adviser Mike Waltz.
Waltz started the chat which included users identified as Vice President Vance and Defence Secretary Hegseth, as well as Secretary of State Marco Rubio, Director of National Intelligence Tulsi Gabbard, a CIA representative, Trump adviser Stephen Miller and White House Chief of Staff Susie Wiles.
According to Goldberg, who revealed the mishap to the world in an article published Monday, the messages he viewed featured information that could easily have been weaponised by enemies of the US to harm their personnel and assets.
What I will say, in order to illustrate the shocking recklessness of this Signal conversation, is that the Hegseth post contained operational details of forthcoming strikes on Yemen, including information about targets, weapons the US would be deploying, and attack sequencing, he wrote.
But President Donald Trump came out in defence of Waltz, insisting that a low-level staffer was responsible for adding Goldberg to the conversation in an interview with Newsmax yesterday.
What it was, we believe, is somebody that was on the line with permission, somebody that worked with Mike Waltz, worked for Mike Waltz, at a lower level, had Goldbergs number or call through the app, and somehow this guy ended up on the call, he said.
Trump claimed that the chat wasnt classified, as I understand it and noted that the attack on the Houthis the group chat planned out was a tremendous success.
People gather by the rubble of a collapsed building at the site of a reported US air strike on Yemens Huthi-held capital Sanaa on March 24, 2025
Jeffrey Goldberg, the editor in chief of The Atlantic, made the jaw-dropping revelation on Monday when he found himself added to a conversation on Signal, an encrypted messaging app
Donald Trump believes that a staffer for National Security Advisor Mike Waltz allowed reporter Jeffrey Goldberg onto a group text that revealed the administrations war plans
A Signal spokesman sought to reassure the Pentagon, claiming that the apps security protocols had not been compromised and that developers had introduced increased security measures to protect against further phishing attacks
Concerns were first raised about attempts to compromise the Signal accounts of high-value targets last month.
Googles Threat Intelligence Group (GTIG) warned it had observed increasing efforts from Russia state-aligned threat actors to compromise Signal accounts used by individuals of interest to Russias intelligence services.
While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russias re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term, GTIG concluded.
The report also highlighted concerns about the vulnerabilities of Signals linked devices feature.
Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victims account to an actor-controlled Signal instance, the report stated.
If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victims secure conversations without the need for full-device compromise.
Analysts and commentators have therefore questioned why key members of Trumps administration were openly sharing details of international military operations on the app.
These are things that are absolutely basic, John Bolton, former national security adviser during the first Trump administration, told NPR.
These are Cabinet-level people in our government, and yet not one of them ever said: "Why are we on Signal?"