Ahead of the Signal leak, the Pentagon warned of the app’s weaknesses

Days before top national security officials accidentally included a reporter in a Signal chat about bombing the Houthi sites in Yemen, a Pentagon-wide advisory warned against using the messaging app, even for unclassified information.
“A vulnerability has been identified in the Signal messenger application,” begins the department-wide email, dated March 18, obtained by NPR.
The memo continues, “Russian professional hacking groups are employing the ‘linked devices’ features to spy on encrypted conversations.” It notes that Google has identified Russian hacking groups who are “targeting Signal Messenger to spy on persons of interest.”
In a statement to NPR, Signal spokesperson Jun Harada said, “We aren’t aware of any vulnerabilities or supposed ones that we haven’t addressed publicly.”
The Pentagon memo adds, “Please note: third-party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are not approved to process or store non-public unclassified information.”
The encrypted Signal app is what Defense Secretary Pete Hegseth and other leading national security officials within the administration used to discuss bombing Houthi earlier this month. The Atlantic editor Jeffrey Goldberg was inadvertently added to the group and privy to the highly sensitive discussions.
In the military, sending classified data over insecure channels is called “slippage” when it’s considered minor, but even that can be a career ender for a military officer.
At least as far back as 2023, a DoD memo, also seen by NPR, prohibited use of mobile applications for even “controlled unclassified information,” which is many degrees less important than information about on-going military operations.
There’s almost no precedent for the heads of Defense, State, Intelligence and National Security to be sharing such sensitive military intelligence in a forum that was known to be unsecured.
NPR’s Bobby Allyn contributed to this story.
NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
After the CDC shooting, federal workers pressure RFK Jr. for more protections
More than 750 current and former HHS employees signed a letter to Health Secretary Robert F. Kennedy, Jr. demanding he stop spreading inaccurate information and guarantee the safety of the workforce.
Ticks are migrating, but scant surveillance may leave doctors in the dark on patient treatment
Health departments struggle to adequately survey for ticks to warn doctors about new species and the diseases they carry.
These brain implants speak your mind — even when you don’t want to
Brain-implanted devices that allow paralyzed people to speak can also decode words they imagine, but don't intend to share.
Trump’s return to ‘law and order’ highlights a sore spot for Democrats: crime policy
Democrats have struggled to counter GOP efforts to frame itself as the party of "law and order." Some see it as a problem of messaging, while others think past and current policies may be to blame.
Nerd! How the word popularized by Dr. Seuss went from geeky insult to mainstream
Nerd has been part of our lexicon for three-quarters of a century, its geeky meaning embodied by some of the most recognizable characters in film and TV, but its origin story is a bit murky.
Voting officials are leaving their jobs at the highest rate in decades
Some 2 in 5 of all the local officials who administered the 2020 election left their jobs before the 2024 cycle, new research has found.