So is the case with Trump administration officials: Last month, we learned that highly sensitive war plans were being discussed in Signal group chats, after Jeffrey Goldberg, editor-in-chief of The Atlantic, was accidentally added to the conversation by then-U.S. National Security Advisor Mike Waltz. (Trump has since fired Waltz—and then nominated him to be U.N. ambassador.)
However, 404 Media spotted that this wasn't Signal's usual PIN verification pop-up: The message says "TM SGNL PIN," which is the PIN verification screen for TeleMessage, a Signal "clone" that advertises itself as a way to archive your Signal messages. While the app claims it does not break Signal's secure messaging system to archive messages, 404 Media reports that the service as advertised has many security vulnerabilities.
Some of the stolen messages appeared to show a discussion about an ongoing effort to whip up votes in support of a cryptocurrency bill. One text read, "Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.” The hack didn't expose classified information, but it did reveal political conversations that the senders likely never intended to be printed in the press.
Why is TeleMessage insecure?
Signal chats are end-to-end encrypted. That means when you talk to someone over the app, only you and the recipient can access the conversation. When you send a message, that text is encrypted in transit, and decrypted when it reaches the other user's device. If someone were to intercept the message in transit, it would look like a scramble of code—only the devices of the people in the chat can decrypt the message and return it to a readable form.
TeleMessage, on the other hand, breaks that security chain. In order to archive those messages, TeleMessage must first intercept them as plain-text and store them. While the company says that they do so while maintaining security, the fact that this hacker was able to obtain DMs proves end-to-end encryption is broken. The stolen information was taken from data captured for "debugging purposes," an unintended leak of decrypted data in TeleMessage's security chain. It doesn't matter if the service stores all messages in an encrypted archive: The company handles decrypted data in insecure ways, which leaves it open for hackers to access.
Signal is great for personal use—not classified information
Signal—and other end-to-end encrypted services like it—are great for personal security. Your messages cannot be accessed by anyone without physical access to the trusted devices involved, which goes a long way toward protecting your digital privacy.
Hackers know that these messages can only be decrypted by the devices involved. So, a great way to break that security is to hack the devices themselves. Hackers use malware like "Pegasus" to silently stow away onto a target's device and access sensitive data—encrypted data included.
Of course, that's just the concern with your own personal device. You also have to worry about the other end of the conversation. If you're chatting with someone over an encrypted chat app, and their phone is compromised, it doesn't matter how secure you are: Your messages are vulnerable. They don't even need to be hacked: They could leave their phone unlocked for anyone to pick up and access. And if you're talking in group chats—like Trump administration officials have been—the security implications only multiply.
There is risk involved in all digital communication: It's up to you to decide what risk level the data you're transferring is worth. For most personal conversations, you're probably just fine sticking with an encrypted service like Signal. If you're discussing details that could put lives at risk, however, it might be best to keep it in the SCIF.
Read More Details
Finally We wish PressBee provided you with enough information of ( The US Government's Signal Situation Just Got Worse )
Also on site :
- Emmy Predictions: Talk/Scripted Variety Series — The Variety Categories Are Still a Mess; Netflix, Dropout, and ‘Hot Ones’ Stir Up Buzz
- Ex-Bellingcat child porn researcher commits suicide after conviction for abusing own child – media
- Khloe Kardashian and Podcaster Totally Gush Over Each Other and Fans Are Swooning