The US National Security Agency (NSA) has issued a crucial warning to iPhone and Android users, highlighting the risks associated with secure messaging apps.
While these apps are generally secure, their safety is only as strong as the user’s behavior. Millions of users unknowingly make simple mistakes that can expose their phones to attacks, News.Az reports, citing Forbes.
That was the crux of the NSA’s warning that has now been made public and which has been headlined as a Signal vulnerability in the wake of Trump officials inadvertently inviting a journalist onto a sensitive group chat. But it’s not. It’s a user vulnerability. The NSA notification is a warning to change messaging settings.
The NSA warning last month was prompted by Google’s Threat Intelligence Group discovering Russia’s GRU was tricking Ukrainian officials into opening access to their Signal accounts, allowing the Russians to listen in. This wasn’t a Signal flaw — the app was working as intended. And it wasn’t limited to Signal. Google warned “this threat also extends to other popular messaging applications such as WhatsApp and Telegram.”
The two “vulnerabilities” relate to features in both Signal and WhatsApp that make them easier to use. Linked Devices and Group Links. The first enables you to sync and access your secure messaging apps on all your eligible devices. The second provides a simple way for you to invite new members into a group chat by sending them a link, rather than adding them one-by-one from within the group.
The Group Link threat only extends to the group itself, and is easily mitigated. In Signal, disable the Group Link from within the group’s settings. In WhatsApp you don’t have that option, but do not use links for sensitive groups; you should also set sensitive groups in WhatsApp such that only Admins can add members.
 
			 
			