This article is from the source 'bbc'.
You can find the current article at its original source at https://www.bbc.com/news/articles/c1kjd091019o
The article has changed 3 times.
Version 1 | Version 2 |
---|---|
What is messaging app Signal and how secure is it? | What is messaging app Signal and how secure is it? |
(30 days later) | |
The messaging app Signal has made headlines after it emerged it had been used to discuss war plans at the highest levels of the US government. | |
In March, the White House confirmed it was used for a secret group chat about air strikes against the Houthi group in Yemen, to which the editor-in-chief of the Atlantic, Jeffrey Goldberg, was inadvertently added. | |
In April, the New York Times and others reported US Defence Secretary Pete Hegseth shared information about the same military action in a second private Signal group, which his wife, brother and personal lawyer were members of. | |
Signal's creator Matthew Rosenfeld - who is better known by the pseudonym Moxie Marlinspike - has joked the "great reasons" to join the platform now include "the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations". | |
But others are not seeing the funny side, with Democrat Senate leader Chuck Schumer calling it "one of the most stunning" military intelligence leaks in history and calling for an investigation. | But others are not seeing the funny side, with Democrat Senate leader Chuck Schumer calling it "one of the most stunning" military intelligence leaks in history and calling for an investigation. |
But what actually is Signal - and how secure or otherwise were the senior politicians' communications on it? | But what actually is Signal - and how secure or otherwise were the senior politicians' communications on it? |
The security app | The security app |
Signal has an estimated 40-70 million monthly users - making it pretty tiny compared to the biggest messaging services, WhatsApp and Messenger, which count their customers in the billions. | Signal has an estimated 40-70 million monthly users - making it pretty tiny compared to the biggest messaging services, WhatsApp and Messenger, which count their customers in the billions. |
Where it does lead the way though is in security. | Where it does lead the way though is in security. |
At the core of that is end-to-end encryption (E2EE). | At the core of that is end-to-end encryption (E2EE). |
Simply put, it means only the sender and the receiver can read messages - even Signal itself cannot access them. | Simply put, it means only the sender and the receiver can read messages - even Signal itself cannot access them. |
Cyber correspondent Joe Tidy explains how end to end encryption works | Cyber correspondent Joe Tidy explains how end to end encryption works |
A number of other platforms also have E2EE - including WhatsApp - but Signal's security features go beyond this. | A number of other platforms also have E2EE - including WhatsApp - but Signal's security features go beyond this. |
For example, the code that makes the app work is open source - meaning anybody can check it to make sure there are no vulnerabilities that hackers could exploit. | For example, the code that makes the app work is open source - meaning anybody can check it to make sure there are no vulnerabilities that hackers could exploit. |
Its owners say it collects far less information from its users, and in particular does not store records of usernames, profile pictures, or the groups people are part of. | Its owners say it collects far less information from its users, and in particular does not store records of usernames, profile pictures, or the groups people are part of. |
There is also no need to dilute these features to make more money: Signal is owned by the Signal Foundation, a US-based non-profit, which relies on donations rather than ad revenue. | There is also no need to dilute these features to make more money: Signal is owned by the Signal Foundation, a US-based non-profit, which relies on donations rather than ad revenue. |
"Signal is the gold standard in private comms," said its boss Meredith Whittaker in a post on X after the US national security story became public. | "Signal is the gold standard in private comms," said its boss Meredith Whittaker in a post on X after the US national security story became public. |
'Very, very unusual' | 'Very, very unusual' |
That "gold standard claim" is what makes Signal appealing to cybersecurity experts and journalists, who often use the app. | That "gold standard claim" is what makes Signal appealing to cybersecurity experts and journalists, who often use the app. |
But even that level of security is considered insufficient for very high level conversations about extremely sensitive national security matters. | But even that level of security is considered insufficient for very high level conversations about extremely sensitive national security matters. |
That is because there is a largely unavoidable risk to communicating via a mobile phone: it is only as secure as the person that uses it. | That is because there is a largely unavoidable risk to communicating via a mobile phone: it is only as secure as the person that uses it. |
If someone gains access to your phone with Signal open - or if they learn your password - they'll be able to see your messages. | If someone gains access to your phone with Signal open - or if they learn your password - they'll be able to see your messages. |
And no app can prevent someone peeking over your shoulder if you are using your phone in a public space. | And no app can prevent someone peeking over your shoulder if you are using your phone in a public space. |
Data expert Caro Robson, who has worked with the US administration, said it was "very, very unusual" for high ranking security officials to communicate on a messaging platform like Signal. | Data expert Caro Robson, who has worked with the US administration, said it was "very, very unusual" for high ranking security officials to communicate on a messaging platform like Signal. |
"Usually you would use a very secure government system that is operated and owned by the government using very high levels of encryption," she said. | "Usually you would use a very secure government system that is operated and owned by the government using very high levels of encryption," she said. |
She said this would typically mean devices kept in "very secure government controlled locations". | She said this would typically mean devices kept in "very secure government controlled locations". |
The US government has historically used a sensitive compartmented information facility (Scif - pronounced "skiff") to discuss matters of national security. | The US government has historically used a sensitive compartmented information facility (Scif - pronounced "skiff") to discuss matters of national security. |
This famous photo taken inside perhaps the most famous Scif - the White House Situation Room - in 2011 shows then-President Barack Obama and his team reacting to an update during the US raid to kill Osama Bin Laden | This famous photo taken inside perhaps the most famous Scif - the White House Situation Room - in 2011 shows then-President Barack Obama and his team reacting to an update during the US raid to kill Osama Bin Laden |
A Scif is an ultra-secure enclosed area in which personal electronic devices are not allowed. | A Scif is an ultra-secure enclosed area in which personal electronic devices are not allowed. |
"To even access this kind of classified information, you have to be in a particular room or building repeatedly swept for bugs or any listening devices," said Ms Robson. | "To even access this kind of classified information, you have to be in a particular room or building repeatedly swept for bugs or any listening devices," said Ms Robson. |
Scifs can be found in places ranging from military bases to the homes of officials. | Scifs can be found in places ranging from military bases to the homes of officials. |
"The whole system is massively encrypted and secured using the government's own highest standards of cryptography," she said. | "The whole system is massively encrypted and secured using the government's own highest standards of cryptography," she said. |
"Especially when defence is involved." | "Especially when defence is involved." |
Encryption and records | Encryption and records |
There's another issue tied to Signal that has raised concerns - disappearing messages. | There's another issue tied to Signal that has raised concerns - disappearing messages. |
Signal, like many other messaging apps, allows its users to set messages to disappear after a set period of time. | Signal, like many other messaging apps, allows its users to set messages to disappear after a set period of time. |
The Atlantic's Jeffrey Goldberg said some of the messages in the Signal group he was added to disappeared after a week. | The Atlantic's Jeffrey Goldberg said some of the messages in the Signal group he was added to disappeared after a week. |
This may violate laws around record-keeping - unless those using the app forwarded on their messages to an official government account. | This may violate laws around record-keeping - unless those using the app forwarded on their messages to an official government account. |
This is also far from the first row involving E2EE. | This is also far from the first row involving E2EE. |
Various administrations have wanted to create a so-called backdoor into messaging services that use it so they can read messages they think might pose a national security threat. | Various administrations have wanted to create a so-called backdoor into messaging services that use it so they can read messages they think might pose a national security threat. |
Apps including Signal and WhatsApp have previously fought attempts to create such a backdoor, saying it would eventually be used by bad actors. | Apps including Signal and WhatsApp have previously fought attempts to create such a backdoor, saying it would eventually be used by bad actors. |
Signal threatened to pull the app from the UK in 2023 if it was undermined by lawmakers. | Signal threatened to pull the app from the UK in 2023 if it was undermined by lawmakers. |
This year, the UK government became embroiled in a significant row with Apple, which also uses E2EE to protect certain files in cloud storage. | This year, the UK government became embroiled in a significant row with Apple, which also uses E2EE to protect certain files in cloud storage. |
Apple ended up pulling the feature in the UK altogether after the government demanded access to data protected in this way by the tech giant. | Apple ended up pulling the feature in the UK altogether after the government demanded access to data protected in this way by the tech giant. |
The legal case is ongoing. | The legal case is ongoing. |
But, as this controversy shows, no level of security or legal protection matters if you simply share your confidential data with the wrong person. | But, as this controversy shows, no level of security or legal protection matters if you simply share your confidential data with the wrong person. |
Or as one critic more bluntly put it: "Encryption can't protect you from stupid." | Or as one critic more bluntly put it: "Encryption can't protect you from stupid." |