0
On the Security of the Signal App in the Context of the Current US Leak
Hello User,
Currently, there's much discussion about the USA leak, in which high-ranking officials of the Trump administration, including Vice President J.D. Vance, Defense Secretary Pete Hegseth, CIA Director John Ratcliffe, and Security Advisor Michael Waltz, discussed militarily sensitive information about the Houthi militias via the Signal messaging app.
In the media, instead of the content there is increasing coverage about the security of the Signal app. From my perspective, this is misleading. Currently, there are no security concerns or known security vulnerabilities in the app itself.
Regardless of the discussed content (Europeans are "freeloaders" etc.), the Signal app should not suffer from this carelessness.
The security issues are rather with the users' smartphones and not the app itself. This aspect is unfortunately being overlooked in media reports. In fact, there is currently no security vulnerability or exploit for the Signal app.
The warning from the US Department of Defense about the leak is also frequently misinterpreted. This is merely about phishing QR codes for linked devices. This does not represent a security vulnerability in Signal itself, but describes the possibility of introducing a foreign QR code for pairing into an already compromised operating system, so that this device can read along with the messages. So this is about the pairing process, but with a QR code that doesn't come from your own device but from hackers. Here again, the security of the system or smartphone plays a role and not that of the Signal app.
There is currently no evidence that Signal is insecure or has a security vulnerability. I consider the US Department of Defense's warning regarding QR codes for pairing to be a diversionary tactic. This method would only work anyway if the corresponding smartphone itself had already been compromised.
If Signal is run on a secured device (and not on an outdated Android without updates or similar), no hacker in the world can decrypt these messages at the current time.
Regardless of what guidelines the US Department of Defense has for using communication tools or devices, communication within Signal was technically secure at all times.
The fact that a press representative from "The Atlantic" was invited to the conversations did not affect the technical security. Content security is another issue – however, the Signal app cannot be blamed for this. This is a human failure, not a technical one.
The question of whether the Signal app is secure can be answered with a clear "Yes" at the current time. On appropriately protected devices (with current updates), it is the most secure messaging app we currently have, even if many media are currently portraying this incorrectly.
I have been working with Signal for years. Here are some facts about it:
If you have questions about this, feel free to ask them here.
Regards,
Frank
Currently, there's much discussion about the USA leak, in which high-ranking officials of the Trump administration, including Vice President J.D. Vance, Defense Secretary Pete Hegseth, CIA Director John Ratcliffe, and Security Advisor Michael Waltz, discussed militarily sensitive information about the Houthi militias via the Signal messaging app.
In the media, instead of the content there is increasing coverage about the security of the Signal app. From my perspective, this is misleading. Currently, there are no security concerns or known security vulnerabilities in the app itself.
Regardless of the discussed content (Europeans are "freeloaders" etc.), the Signal app should not suffer from this carelessness.
The security issues are rather with the users' smartphones and not the app itself. This aspect is unfortunately being overlooked in media reports. In fact, there is currently no security vulnerability or exploit for the Signal app.
The warning from the US Department of Defense about the leak is also frequently misinterpreted. This is merely about phishing QR codes for linked devices. This does not represent a security vulnerability in Signal itself, but describes the possibility of introducing a foreign QR code for pairing into an already compromised operating system, so that this device can read along with the messages. So this is about the pairing process, but with a QR code that doesn't come from your own device but from hackers. Here again, the security of the system or smartphone plays a role and not that of the Signal app.
There is currently no evidence that Signal is insecure or has a security vulnerability. I consider the US Department of Defense's warning regarding QR codes for pairing to be a diversionary tactic. This method would only work anyway if the corresponding smartphone itself had already been compromised.
If Signal is run on a secured device (and not on an outdated Android without updates or similar), no hacker in the world can decrypt these messages at the current time.
Regardless of what guidelines the US Department of Defense has for using communication tools or devices, communication within Signal was technically secure at all times.
The fact that a press representative from "The Atlantic" was invited to the conversations did not affect the technical security. Content security is another issue – however, the Signal app cannot be blamed for this. This is a human failure, not a technical one.
The question of whether the Signal app is secure can be answered with a clear "Yes" at the current time. On appropriately protected devices (with current updates), it is the most secure messaging app we currently have, even if many media are currently portraying this incorrectly.
I have been working with Signal for years. Here are some facts about it:
- Signal uses end-to-end encryption, which is considered particularly secure. Messages can only be read by the sender and recipient; not even Signal itself has access to the content.
- The Signal Protocol (formerly Axolotl Protocol) is a cryptographic communication protocol for end-to-end encrypted message exchange, which is considered the "industry or gold standard" in instant messaging. It was later integrated in modified form into various other messengers such as WhatsApp, Wire, Conversations, etc.
- The app offers Perfect Forward Secrecy, which means that even if a long-term key is compromised, previous messages cannot be decrypted.
- Signal is completely Open Source, which means that the entire source code is publicly available and can be reviewed by experts.
- The app uses encrypted user profiles and does not store phone contacts or metadata on its servers.
- Signal offers additional security features such as the ability to verify security numbers to prevent man-in-the-middle attacks.
- Signal is funded as a non-profit organization through donations and places great emphasis on data privacy and security. The "Signal Foundation" is a non-profit organization. Signal Messenger LLC is a wholly owned subsidiary of the Signal Foundation and is responsible for the technical development of the messenger.
- Currently, there are no known security vulnerabilities in the Signal app itself.
If you have questions about this, feel free to ask them here.
Regards,
Frank
Share on Facebook
Share on X (Twitter)
Share on Reddit
Share on LinkedinPlease also mark the comments that contributed to the solution of the article
Content-ID: 671387
Url: https://rootdb.com/forum/on-the-security-of-the-signal-app-in-the-context-of-the-current-us-leak-671387.html
Printed on: March 31, 2025 at 12:03 o'clock