Russian Hackers Are Trying to Break Into Signal Chats, Pentagon Warns

Russian hackers are breaking into Signal group chats, according to a Pentagon memo obtained by NPR. The memo was sent on March 18—three days after the US bombed Yemen and five days after top Trump officials accidentally included a journalist on a Signal chat group about it.

“A vulnerability has been identified in the Signal messenger application,” the memo says. At issue is Signal’s “linked devices” feature, which allows a user to access their account on multiple devices. Russian hackers are reportedly taking advantage of this to add Signal accounts to their own devices and eavesdrop on what should be encrypted conversations. “This allows the group to view every message sent by the unwitting user in real time,” says the memo.

The Pentagon memo provides steps to “safeguard your Signal application,” and reiterates the government’s Signal policy. It permits the use of Signal for discussions about unclassified information but the app is “NOT approved to process or store nonpublic unclassified information,” it says. All uses must “abide by DoD and NSA/CSS policy.”

In February, Google’s Threat Intelligence Group warned about vulnerabilities with Signal, and outlined how a “linked devices” attack works.

“Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim’s account to an actor-controlled Signal instance,” Google says. “If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim’s secure conversations without the need for full-device compromise.”

Google expects Signal breaches to “grow in prevalence in the near-term,” related to the war in Ukraine and “regions outside the Ukrainian theater of war.” Other similar apps, such as WhatsApp and Telegram, are also being actively targeted with similar techniques.

In response to the March 18 memo, Signal told NPR it wasn’t “aware of any vulnerabilities or supposed ones that we haven’t addressed publicly.”

Regarding the Signal chat among Trump officials, Secretary of Defense Pete Hegseth insisted that “nobody was texting war plans.”

Typically, sensitive conversations take place in a secure room that top-ranking officials have in their offices and homes, called a Sensitive Compartmented Information Facility (SCIF).

In a hearing today on Capitol Hill, CIA Director John Ratcliffe and Director of National Intelligence Tulsi Gabbard, both of whom were on the “war plans” Signal chat, claimed they did not discuss classified information.

Democratic senators pushed them to release the full chat transcript. “If there was no classified material, share it with the committee,” said Senate Intelligence Ranking Member Mark Warner. “You can’t have it both ways. These are important jobs. This is our national security.”

About Emily Forlini

Senior Reporter

I’m the expert at PCMag for all things electric vehicles and AI. I’ve written hundreds of articles on these topics, including product reviews, daily news, CEO interviews, and deeply reported features. I also cover other topics within the tech industry, keeping a pulse on what technologies are coming down the pipe that could shape how we live and work.

Read Emily’s full bio

Read the latest from Emily Forlini