‘It’s so unbelievable': Cyber world stunned over war planners using Signal
Regardless of app security, experts say communicating the military plans of the U.S. government in a non-classified space creates a massive security vulnerability.
“I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy — but it’s far below the standards required for discussing any elements of a war plan,” said Mark Montgomery, senior director at the Foundation for Defense of Democracies. | Edward Smith/Getty Images
By Maggie Miller and Dana Nickel
03/25/2025 06:33 AM EDT
Lawmakers and experts are sounding the alarm after revelations that Cabinet members were using Signal to discuss war plans, saying the encrypted messaging app is still vulnerable to hacking.
The Atlantic’s Jeffrey Goldberg published a first-hand account on Monday detailing how he was mistakenly added to a Signal group chat where high-ranking Trump officials were discussing plans to conduct military strikes in Yemen. The Signal conversation included “precise information about weapons packages, targets, and timing,” Goldberg said, describing the use of the open-source app to map out military strikes as “shocking recklessness.”
“I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy — but it’s far below the standards required for discussing any elements of a war plan,” said Mark Montgomery, senior director at the Foundation for Defense of Democracies.
The app has become increasingly popular in recent months in Washington, following the discovery of a massive Chinese government-linked breach of U.S. telecommunications networks that allowed hackers to steal a trove of Americans’ cell phone records and spy on the conversations of senior U.S. political figures, including Trump and Vice President JD Vance. U.S. officials have since recommended that Americans use encrypted messaging platforms like Signal to better protect against hackers.
The app’s security is viewed as fairly strong due to its robust privacy features and minimal data collection, as well as default end-to-end encryption of all messages and voice calls. The app also includes a function that deletes all messages from a conversation within a set time frame, adding an additional layer of data protection. But experts agree that it shouldn’t be used by government officials as an alternative to communicating through more secure, sanctioned government communications — which Signal is not.
“It’s so unbelievable,” a former White House official, granted anonymity to discuss The Atlantic’s report candidly, said Monday. “These guys all have traveling security details to set up secure comms for them, wherever they are.”
The former White House official pointed out that members of Trump’s Cabinet — including the vice president, Defense Secretary Pete Hegseth, and Director of National Intelligence Tulsi Gabbard, among others — were likely using personal devices, since in most cases, Signal cannot be downloaded onto official federal devices. This alone creates a host of cybersecurity issues.
“Their personal phones are all hackable, and it’s highly likely that foreign intelligence services are sitting on their phones watching them type the shit out,” the former White House official warned.
Jacob Williams, a former hacker at the NSA and vice president of research and development at cybersecurity consulting firm Hunter Strategy, said Signal is not “accredited for classified data.”
One of the biggest risks of using Signal, according to Williams, is where the data can be stored.
“People can link Signal messaging to a desktop application,” he said. “This means that Signal data is being delivered to potentially multiple desktop and laptop computers where it isn’t being stored in a phone’s secure enclave. That data is then at risk from commodity malware on the system.”
Signal users also aren’t able to tell which contacts have accounts linked to their desktop, so the risk can’t be adequately evaluated, Williams added.
Signal did not respond to a request for comment. In the app’s Terms of Service, it states that users “are responsible for keeping your device and your Signal account safe and secure.”
Top Democrats on the Hill were quick to bash the use of a Signal group chat to discuss sensitive military activities, particularly without properly vetting who was added to the group.
“It should go without saying that administration officials should not be using Signal for discussing intelligence matters reserved for the situation room — not to mention doing so incompetently by including members of the public,” said House Homeland Security ranking member Bennie Thompson (D-Miss.), who has oversight of the Cybersecurity and Infrastructure Security Agency.
House Foreign Affairs Committee ranking member Gregory Meeks (D-N.Y.) called on Chair Brian Mast (R-Fla.) to hold a hearing on what Meeks described as “the most astonishing breach of our national security in recent history.”
Both the Senate and House Intelligence panels are scheduled this week to hold hearings on the 2025 Annual Worldwide Threats Assessment — a report on the biggest emerging threats globally released by the director of national security annually — with Gabbard and other top administration intelligence officials set to feature as witnesses.
House Intelligence Committee ranking member Jim Himes (D-Conn.) said in a statement Monday that he was “horrified” by the Trump administration’s discussion of strategic military planning on Signal and plans to ask the witnesses about the use of the app to plan the attack in Yemen.
“These individuals know the calamitous risks of transmitting classified information across unclassified systems, and they also know that if a lower ranking official under their command did what is described here, they would likely lose their clearance and be subject to criminal investigation,” Himes said.
Secretary of State Marco Rubio, who until January served as the ranking member of the Senate Intelligence Committee, will not be on the panel of witnesses this week but participated in the Signal chat.
A former intelligence and security official, granted anonymity to discuss the handling of likely classified information, noted that the situation could have been averted if the U.S. government had a chat service certified to handle classified information.
“In the absence of a solution and given the fast pace of national security affairs, people will resort to balancing their perception of the risk with the operational pressures of the day,” the former intelligence and security official said.
Regardless of the security of the app itself, communicating the military plans of the U.S. government in a non-classified space opens a massive security gap.
“Forget Signal, just do it over a dating app, you might as well, that would be just as secure as what you’re doing,” the former White House official said.