Comment by dbl000
8 months ago
This was such a weird news story to read. At least they used Signal? That's gotta be a plus at some level.
Unrelated, but I wonder how the gray hat market for Signal vulns is doing now?
8 months ago
This was such a weird news story to read. At least they used Signal? That's gotta be a plus at some level.
Unrelated, but I wonder how the gray hat market for Signal vulns is doing now?
How is that a plus? Maybe vs plain old SMS...
But, it's a flagrant leak of classified info. Using a medium explicitly prohibited by policy. And likely now lost to time (Signal messages can be configured to auto-delete on a timer), when all of this sort of correspondence is legally required to be retained.
> How is that a plus?
They could've used Telegram /s. It's popular with the crypto crowd after all.
They probably do also use Telegram https://www.forbes.com/sites/daveywinder/2025/03/22/russian-...
1 reply →
Signal is primarily for end-to-end encryption.
If a device has been compromised, the database can be extracted with all messages and contacts
The basic Signal vulnerability even if the protocol is perfectly sound is that they can push effectively silent automatic app updates to do whatever. Presumably they didn't want to signup for this but that's how app distribution works nowadays, and it's certainly not fit for classified information.
It's unlikely that there is one.