A Pentagon-wide email recently went out warning about Signal's vulnerability

Npr - Mar 25th, 2025

A Pentagon advisory issued a warning against using the Signal messaging app for unclassified information due to a vulnerability exploited by Russian hackers. The advisory, sent on March 18, highlights the threat posed by Russian professional hacking groups using the app's 'linked devices' feature to spy on encrypted conversations. Signal spokesperson Jun Harada claims no known vulnerabilities exist beyond those already addressed. The advisory reiterates that third-party apps like Signal are not approved for processing non-public unclassified information. Notably, Defense Secretary Pete Hegseth and other officials were using Signal for sensitive discussions about military operations in Yemen, which inadvertently included The Atlantic editor Jeffrey Goldberg, exposing highly sensitive information.

The implications of this advisory are significant, revealing a potential security lapse at high government levels. The Pentagon's memo reflects ongoing concerns about cybersecurity and the use of unsecured channels for military communication, known as 'slippage' when minor. Such incidents can severely impact military careers. The advisory follows previous DoD policies prohibiting mobile app use for controlled unclassified information, spotlighting a gap in adhering to security protocols. This incident underscores the critical need for robust cybersecurity measures in protecting sensitive government communications, especially against sophisticated foreign threats like those from Russian hacking groups.

Pentagon Pete Hegseth Cybersecurity National Security Signal App Russian Hacking Unclassified Information

Story submitted by Fairstory

RATING

6.2

Moderately Fair

Read with skepticism

The article presents an intriguing narrative about potential cybersecurity vulnerabilities in the Signal messaging app and its implications for national security. While it raises important issues of public interest, such as digital privacy and the security of government communications, the article's overall impact is tempered by a lack of detailed evidence and corroboration. The balance of perspectives could be improved by including more expert opinions and independent analyses, which would also enhance the source quality and transparency. Despite these limitations, the article is timely and relevant, engaging readers with its clear presentation and potential to provoke debate on the security of digital communications in sensitive contexts.

Accuracy

The article's accuracy hinges on several key claims that require verification. The claim about a Pentagon advisory warning against the use of Signal for unclassified information is significant, but the article does not provide direct evidence or a source document to substantiate this claim. Furthermore, while the article mentions a vulnerability in Signal being exploited by Russian hackers, it lacks specific technical details or corroboration from cybersecurity experts or official statements from Google, which is reportedly involved in identifying these hacking groups. Signal's spokesperson's denial of unaddressed vulnerabilities adds another layer of complexity, suggesting a potential discrepancy between the Pentagon's claims and Signal's public stance. Overall, while the article presents potentially plausible information, it lacks the corroborative evidence necessary for a higher accuracy score.

Balance

The article attempts to present a balanced perspective by including statements from both the Pentagon and Signal's spokesperson. However, the narrative leans slightly towards the Pentagon's perspective, perhaps due to the gravity of the claims about national security risks. While Signal's denial is mentioned, the article could benefit from additional independent expert opinions or cybersecurity analyses to provide a more rounded view of the situation. This would help in assessing the validity of the claims and understanding the broader context of cybersecurity threats.

Clarity

The article is generally clear in its presentation of the main claims, using straightforward language and a logical structure. It effectively outlines the key points and provides direct quotes to support its narrative. However, the complexity of the cybersecurity issues discussed could benefit from additional explanation or context to aid reader understanding. The article maintains a neutral tone, which helps in presenting the information clearly, but further elaboration on technical details would enhance comprehension for a general audience.

Source quality

The article cites an internal Pentagon email and a statement from a Signal spokesperson, which are credible sources. However, the reliance on an email 'obtained by NPR' without further sourcing or external verification limits the source quality. The article could enhance its credibility by incorporating insights from cybersecurity experts, government officials, or independent analysts. Additionally, the potential conflict of interest, given NPR's connection to the Signal Foundation, might affect the perceived impartiality of the reporting.

Transparency

The article discloses its sources to some extent, mentioning the Pentagon email and Signal spokesperson's statement. However, it lacks transparency regarding the methodology used to verify the claims. The disclosure of NPR's connection to the Signal Foundation is a positive aspect, though more context about how this might influence the reporting would be beneficial. Overall, while some transparency is present, the article could improve by providing more context and explanation of how the information was obtained and verified.