The signal scandal somehow managed to get much worse

At least at the moment this has not attracted a lot of attention. Let me point your attention to a new part of the Signal Chat story of the White House, which is actually a pretty big deal. You probably saw that Reuters published a photo of a Trump cabinet meeting yesterday, where Mike Waltz could be used on his phone signal. That was pretty incredible. They could see some of the chats, although he mainly entertained more than the content. Embarrassing, etc. But 404 media, a new Tech message site, noticed that there was more than that. He did not use signal at all. He used a signal discount from third -party providers with which you can use your signal account, but additional functions.

Waltz used an app created by a company called Telemessage. And their additional function is that you can save your conversations from the app. Probably the rules for the storage of the federal documents should presume. The app states that the encryption and safety of the signal maintains. But as 404 media reports, this is clearly not true. What means from end -to -end encryption is exactly what it sounds, ending to end, between your phone and your conversation partner. As soon as you have taken over the secret messages and send you to another location by definition, you have deviated from this encrypted channel. 404 media asked Signal about it and they answered how they would expect. This is essentially not responsible for what happens to your data if you do not use our app.

Two really big security problems are actually involved here and are very different.

The first requires understanding the security of signal. Signal offers very robust security between Your phone and the other person's phone. However, your telephone itself could be hacked. In this case you are no longer lucky. This is the actual signal app. In this case, use a signal clone app that takes the data and sends it very differently. By definition, it has no safety protection from Signal. But there is a second, very big security problem that this app uses. This app is made by a random company that we don't know much about. You could be a front for a foreign intelligence agency. The entire app could be monitoring to examine signal talks. I'm not saying that this is true. But you can't really rule it out. So you have the inherent lack of security again, which is introduced by operating outside the Signal security system. Then you have the additional security black box from “Who is this company?” And what do you do with the data?

Security experts trust for two reasons. For one thing, it has established a very good reputation for trustworthiness in several years. The far more important reason and most of this reputation is based on that their code is open source. Everyone can see it. The hardcore security experts can therefore take a close look at how it works and say: “Okay, yes, that's right. That's super sure.” Setting up the White House seems to be used, and Waltz itself definitely uses programs to use the data to another outfit. And we have no visibility in your code or more general, even who they are. So we have no idea what your security is. We don't know if you know what you are doing. And we cannot rule out that they pursue some shameful goals.

Anyway, we should hear more about it soon. You may not have heard of 404 media. You are new. But they have a very strong reputation. Since I wrote the Times, the Times has now taken up its reporting about it and credited.