Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The president of secure messaging app Signal has defended the security of the service following the Trump administration leak of Yemen strike plans to a journalist.
While not directly responding to the “Houthi PC small group” leak, Signal has ramped up its discussions about security.
The app shot down misinformation regarding claims that the app has vulnerabilities after the Pentagon sent out a memo saying that “a vulnerability has been identified in the Signal Messenger Application”.
However, as Signal pointed out, the memo was not regarding an actual vulnerability in its platform but was instead a warning that Google identified “Russian professional hacking groups” using Signal messenger to spy on “persons of interest” through phishing and the “linked devices” feature.
“Right now, there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications,” said Signal
“The memo used the term ‘vulnerability’ in relation to Signal – but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users.
“Phishing isn’t new, and it’s not a flaw in our encryption or any of Signal’s underlying technology. Phishing attacks are a constant threat for popular apps and websites.
“In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events.”
Additionally, Signal president Meredith Whittaker defended the security of the messaging app in response to claims made by journalist Will Cathcart that there was effectively no difference between Signal and WhatsApp.
“Signal is the gold standard in private comms. We’re open source, nonprofit, and we develop and apply e2ee and privacy preserving tech across our system to protect metadata and message contents,” she said, adding that WhatsApp uses Signal cryptography for protecting message contents, the same does not ring true for the business version. Additionally, metadata is not protected by either.
The Yemen strike leak occurred just days before the 15 March strikes on Yemen, when the editor-in-chief of The Atlantic, Jeffrey Goldberg, said he was sent a connection request on Signal by a user going by “Michael Waltz”, better known as the national security adviser of the United States.
Goldberg accepted the connection request despite not believing that the user was the real Michael Waltz.
Two days later, he was then invited to a group chat called the “Houthi PC small group”, where it was revealed that the US was planning to launch strikes on Yemen.
Be the first to hear the latest developments in the cyber industry.
