Cybersecurity experts point out that while the end-to-end encrypted communication application Signal is secure for daily use, it should not be used by government officials to discuss matters involving national security. This view was raised after former US President Trump's national security team unexpectedly pulled a reporter into a group chat that shared information on planned military actions against Iranian-backed Houthi rebels. The incident highlights the importance of using appropriate tools for sensitive communications.
This incident has raised questions about the security of the Trump administration's sharing of classified information, as well as the safety of sharing sensitive national security secrets on platforms like Signal. Signal is a private communication application that focuses on security and privacy, using end-to-end encryption technology to ensure that users' communications are secure and untraceable. The company has previously criticized the British government for pressuring Apple to weaken core privacy technologies, which would allow the government to access customer information through backdoors, raising concerns about government overreach.
Signal President Meredith Whittaker recalled the US government's announcement last year that a large amount of American data had been stolen in a telecommunications attack, allegedly carried out by a Chinese hacking group called "Volt Typhoon." This attack was described as the "most serious telecommunications hacking attack" in the country's history. Whittaker wrote in the Financial Times: "How did the hackers do it? They exploited 'backdoors' integrated into telecommunications systems," highlighting the vulnerabilities inherent in certain system designs.
Cybersecurity experts generally believe that Signal is one of the most secure communication applications currently available. CyberCX Executive Director Liam O'Shannessy said that Signal's secure communication protocol was adopted by its competitor WhatsApp a few years ago. O'Shannessy pointed out: "Encrypted communication services like Signal are generally the most secure level that communication applications can achieve, but weaknesses still exist." This is because clever cybercriminals may find ways to remotely access devices, which, in theory, could allow them to access Signal on the device, emphasizing the need for comprehensive security measures.
O'Shannessy added: "This is more common in Signal's desktop application, because desktop computers are more vulnerable to malware attacks than mobile phones. If you are in a group chat, it only takes one member of the group to have their device compromised." Dr. William Stoltz, a cybersecurity expert at the Australian National University, agreed with this view. He pointed out that other applications installed on someone's phone may compromise the security settings of the device, creating additional attack vectors. Foreign intelligence agencies will often try to infiltrate personal devices with malware, including tools that mirror the screen or capture keystrokes while someone is typing in an encrypted communication application.
Dr. Stoltz emphasized: "The reality is that there are security issues with both the application and the security of your own device. But ultimately, the question is how secure is the individual's device." CyberCX's O'Shannessy said that in most cases, especially when it is not related to national security, the most likely risk when sharing sensitive information on Signal is human error. He explained: "The risk is always with the recipient, and whether they might take a screenshot or forward - or even accidentally - the information you share with them," underlining the importance of user awareness and training.
Defense experts say that transmitting classified information on applications like Signal may violate the Espionage Act. The information allegedly shared by members of the group included air strike targets and times. The name of a usually confidential CIA intelligence officer was also shared. The group appeared to include cabinet ministers and senior aides, including Vice President JD Vance, Defense Secretary Pete Hegseth, and National Security Advisor Mike Waltz. Strategist and retired Australian Army Major General Mick Ryan said it was very unusual and concerning to see such a security breach, highlighting the potential legal and operational consequences.
Ryan told the Australian Broadcasting Corporation radio station: "This is dangerous on multiple levels. First, you run the risk of leaking operations, which ultimately endangers the lives of military personnel. It also shows that there are systemic weaknesses in their communication methods, which adversaries such as Russia and China may exploit. This shows that they have an arrogant attitude that these conversations are secure, but that has proven not to be the case. This is a problem," emphasizing the multifaceted risks associated with such security lapses.
Dr. Stoltz of the Australian National University said that when handling classified information related to ongoing military operations, government officials are usually summoned to so-called Sensitive Compartmented Information Facilities (SCIFs). This is because such communication should take place within a physically controlled space, such as inside government buildings that have been screened and tested by network and physical security experts. Toby Murray of the University of Melbourne, who previously worked at the Department of Defense and specializes in cybersecurity, said that there are laws governing how classified information should be handled, ensuring proper protocols are followed.
Professor Murray added that there are specific government-approved systems for storing and transmitting classified information - Signal is not one of them. He said: "In the [Australian] Department of Defence, there are separate computer networks for storing and sending classified information. This is because classified information needs to be kept very secure. We need to ensure that it is not inadvertently leaked," illustrating the importance of using dedicated and secure systems for handling sensitive data.
Richard Buckland, a cybersecurity expert at the University of New South Wales, said that protecting devices requires supply chain assurance. Professor Buckland explained that the government sets up mechanisms during the delivery of technologies such as computers and telephones to ensure that they have not been tampered with. This proactive approach is essential for maintaining the integrity of secure systems.
Professor Buckland concluded: "Therefore, you will only be allowed to use anything other than these devices at certain security levels. Of course, for all the highest levels, you will be required to use dedicated secure equipment. I'm not saying that high school students are managing national security, but this situation looks like high school students are managing national security," highlighting the need for rigorous security protocols and the potential consequences of neglecting them.