NSA Warning—Change Your iPhone, Android Message Settings
Do not make this dangerous messaging mistake
Update: Republished on March 30 with a new report into device vulnerability and a new update that simplifies secure communications on iPhones.
The secure messaging apps on your phone are dangerous. Not because their own security measures are vulnerable to attack — although that does happen, but because their security is only as good as your behavior. And millions of iPhone and Android users don't realize that simple mistakes can open your phone to attack.
That was the crux of the NSA's warning that has now been made public and which has been headlined as a Signal vulnerability in the wake of Trump officials inadvertently inviting a journalist onto a sensitive group chat. But it's not. It's a user vulnerability. The NSA notification is a warning to change messaging settings. Nothing more.
The NSA warning last month was prompted by Google's Threat Intelligence Group discovering Russia's GRU was tricking Ukrainian officials into opening access to their Signal accounts, allowing the Russians to listen in. This wasn't a Signal flaw — the app was working as intended. And it wasn't limited to Signal. Google warned 'this threat also extends to other popular messaging applications such as WhatsApp and Telegram.'
The two 'vulnerabilities' relate to features in both Signal and WhatsApp that make them easier to use. Linked Devices and Group Links. The first enables you to sync and access your secure messaging apps on all your eligible devices. The second provides a simple way for you to invite new members into a group chat by sending them a link, rather than adding them one-by-one from within the group.
The Group Link threat only extends to the group itself, and is easily mitigated. In Signal, disable the Group Link from within the group's settings. In WhatsApp you don't have that option, but do not use links for sensitive groups; you should also set sensitive groups in WhatsApp such that only Admins can add members.
The Linked Devices option is much more dangerous as it can establish a fully sync'd replica of your messaging app on someone else's device. But again this risk is easily mitigated. In both apps there is a clear settings menu entitled 'Linked Devices.' Go there now and unlink any device you don't 100% recognize as belonging to you. If in doubt, remove. You can always add it back later if you make a mistake. On both apps, your primary phone is the base and all other devices can be linked and unlinked there.
There is a twist to this. In the Russian attack, the Signal group invite link was hijacked to link a device instead, a vulnerability in the invite coding and mechanics, but not the app itself. But there is no way for someone to link a device without it showing in your settings per above. Regularly checking those links is key. It's also worth periodically unlinking browser 'web app' links (as opposed to apps) and relinking. The other advice is to not click group links unless they're expected and you can vouch for the sender.
The NSA's other messaging advice should be common sense. Set and regularly change your app PIN and enable the screen lock. Do not share contact or status info, certainly not outside your contacts. The DOD agency also recommends keeping phone and app contacts a separate, albeit that's painful for everyday use.
The concept of secure messaging is widely misunderstood. End-to-end encryption is a transmission safeguard. Content is scrambled by your device and unscrambled when it reaches a recipient. Each end (phones in a chat) is vulnerable to a compromise of that device, a user saving content, or the wrong person invited into a group. None of these apps are bulletproof if your other security is flawed or you make a mistake.
NSA is not alone in calling out Signal as the headline act when it comes to secure commercial messaging platforms used by politicians and other officials. America's cyber defense agency did the same in the wake of China's Salt Typhoon hacks on U.S. networks. 'Use only end-to-end encrypted communications,' CISA said. 'Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar app.'
With interesting timing, WhatsApp — the most popular secure messenger worldwide, which uses the same Signal encryption protocol and Signals itself — has just made that easier. iPhone users can now select WhatsApp as their default texting and calling app. The platform update that delivers this new capability is rolling out this weekend. In Settings — Apps, select 'Default Apps' and change 'Messaging and 'Calls' options.
But again, that doesn't change the user/device vulnerability that will always leave secure messaging at risk. 'The biggest risk of eavesdropping on a Signal conversation comes from the individual phones that the app is running on,' says Foreign Policy. 'While it's largely unclear whether the U.S. officials involved had downloaded the app onto personal or government-issued phones… smartphones are consumer devices, not at all suitable for classified U.S. government conversations.'
This is especially acute given that 'an entire industry of spyware companies sells capabilities to remotely hack smartphones for any country willing to pay.' These are the forensic exploits that have plagued iPhones and Androids this year. And so just as it's critical to apply the right messaging settings, it's also critical to keep your phone updated, to avoid risky apps, and to stop clicking on links or unexpected attachments.
You can read the NSA's full advisory here. Take heed and make sure you keep your work plans, your party plans and even your war plans secret.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Politico
24 minutes ago
- Politico
Budget documents reveal plan to grow DOGE
Elon Musk is out, but the Trump administration still wants to beef up funding and staffing for its DOGE operation, according to budget documents released last week. Tucked inside the lengthy budget appendix the White House released Friday are details about the administration's post-Musk vision for DOGE. In the early days of the Trump administration, the DOGE team has made waves throughout the federal government with its push to slash the workforce, eliminate agency contracts and terminate leases. As Musk announced his formal departure from DOGE last week, President Donald Trump and top administration officials stressed that the government-cutting operation wasn't going anywhere. And the administration's budget request for fiscal 2026 offers new details about how Trump and his team plan to bolster DOGE in the coming year. The White House budget request is just that — a request to Congress for funding. But the numbers indicate the administration's priorities for boosting or cutting staff in the government. Broadly, the administration is eyeing steep cuts to nondefense discretionary spending — a reduction of about 23 percent below the currently enacted level. The White House has asked for cuts to energy and environmental agencies. But at the same time, the White House wants DOGE to grow, the documents show. The total staff working for the U.S. DOGE Service — a White House technology shop that was rebranded when Trump took office — employed an estimated 89 staffers in fiscal 2025, the document shows. That includes staff listed as direct full-time employees as well as 'reimbursable' full-time employees. That number would grow from 89 to 150 in fiscal 2026 under the White House's budget request. Those 'reimbursable' employees are typically assigned to another agency that pays back the costs of their employment. Trump's January executive order creating the U.S. DOGE Service directed each agency head to establish its own DOGE team with at least four staffers. The administration has been tight-lipped about the roster of DOGE staffers, apart from public appearances by Musk and some senior DOGE aides. Musk and other DOGE staffers joined Fox News in March for an interview about their work behind the scenes. A New York Times investigation has identified more than 70 people aligned with the so-called Department of Government Efficiency, some of whom have ties to Musk's companies and some of whom appear to have worked for DOGE at several government agencies. In an Oval Office press conference with Musk on Friday, Trump said that many of the DOGE people 'are staying behind.' Musk said that the DOGE team and its influence 'will only grow stronger.' The Tesla CEO compared DOGE to a 'sort of Buddhism. It's like a way of life.' DOGE would also get more money under Trump's budget plan. The operation spent an estimated $20 million in fiscal 2025, including $1 million for a 'software modernization initiative' and another $19 million through 'reimbursable program activity.' The budget request envisions DOGE boosting its spending in fiscal 2026 to $45 million, including $10 million for software modernization and another $35 million through reimbursable program activity. The White House did not respond to a request for comment on the administration's bid to boost DOGE's staff and funding. It's unclear whether the number encapsulates the full DOGE team in the government, which has hired temporary special government employees to serve brief stints at agencies. Musk estimated in March that DOGE had grown to about 100 employees with plans to grow to about 200. Trump's critics — including the top Democrat on the Senate Appropriations Committee — panned the plan to grow DOGE while shrinking other federal programs. 'The request includes $10 million for the U.S. DOGE Service, supporting 30 full-time employees to continue Elon Musk's slash and burn campaign to decimate government well after his departure as a Special Government Employee,' Washington Sen. Patty Murray, the top Democrat on the appropriations panel, said in a news release. Lisa Gilbert, co-president of the watchdog nonprofit Public Citizen, said the administration's bid to 'enhance the budget of this anti-efficiency effort, while cutting funding for parks, health care, education and more, is appalling.' The budget document describes DOGE's mission as being technology focused, although the operation in the early days of the Trump administration and under Trump's leadership have shown the DOGE effort to be broad and aimed at enacting deep cuts to spending and personnel. 'U.S. DOGE Service (USDS) transforms Federal technology and software, driving unprecedented efficiency and productivity,' the document says. 'By advising Federal agencies on the tools to deliver high-impact outcomes, USDS streamlines government operations and tangibly improves the lives of the American people.' Gilbert, by contrast, described DOGE as 'the leading edge of this administration's corruption and lawlessness, illegally attacking agencies, threatening the data privacy of all Americans, and removing critical employees and programs that provide services we all depend on.'
Bloomberg
28 minutes ago
- Bloomberg
Trump Memecoin Wallet Spurs Divide Among Family's Crypto Camps
There appears to be a divide among the various crypto-entities affiliated with President Donald Trump. The NFT marketplace Magic Eden said Tuesday that it's partnering with the team behind Trump's memecoin and other ventures to offer a Trump-branded digital wallet and trading application.
Tom's Guide
28 minutes ago
- Tom's Guide
Google's NotebookLM just got a huge upgrade — here's why it beats ChatGPT for team projects
Google's experimental AI notebook NotebookLM just rolled out a major feature, and it could be the upgrade that turns this low-key tool into a must-have for teams, classrooms and creators. Starting today, you can share your NotebookLM notebooks publicly with a single link. That means your AI-powered research, study guides, or project notes can now be explored by anyone — no Google sign-in required. While ChatGPT thrives on single-use chats and Claude offers limited recall, NotebookLM's persistent, sharable structure just gave it a serious edge in the AI collaboration game. Factor in the fact that NotebookLM was recently awarded Best Research Tool in Tom's Guide's own AI Awards, and you start to see why this AI notebook from Google is making waves. With this update, NotebookLM goes beyond a private research assistant and transforms into an interactive, AI-powered knowledge hub. Here's what public sharing unlocks: Whether you're publishing a study guide for your class, product docs for your team or an overview of a nonprofit's mission, you can now let others explore and engage without handing over the keys. No editing is allowed. Open a notebook in NotebookLM. Click the 'Share' button in the top-right corner. Set access to 'Anyone with the link.' Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Share the URL — that's it. Now, anyone with the link can chat with your notebook, explore summaries and listen to audio overviews generated by NotebookLM's built-in AI. They can't edit your sources, but they can interact with the content. If you've never used NotebookLM before, don't worry, it's surprisingly easy to get started. Think of it like a smart research notebook powered by AI, designed to help you organize, summarize and query your sources all in one place. Here's how to use it: 1. Create a new notebook Head to and sign in with your Google account. Click '+ New Notebook' to get started. 2. Upload your sources You can add text files, Google Docs, PDFs or your own typed and pasted notes. NotebookLM's AI will automatically analyze your sources and surface insights. 3. Ask questions Once your sources are uploaded, use the built-in AI chat to ask questions like: 4. Explore auto-generated content NotebookLM automatically creates helpful studio artifacts: Audio Overviews – Listen to a summary of your notebook FAQs – Get quick answers based on your content Briefing Docs – A high-level summary for quick digestion 5. Share it With the new public sharing feature, you can hit 'Share' in the top-right corner, set access to 'Anyone with the link,' and turn your notebook into an interactive knowledge hub for others. While ChatGPT excels in one-off conversations, NotebookLM is designed to hold onto structured research and now, to share it. NotebookLM gives users the edge because instead of starting from scratch every time, viewers access a curated, structured notebook. Viewers can query the notebook, while your data stays helpful extras like FAQs, summaries, and audio recaps are auto-generated, which could be userful for educators, startup teams, research projects and creators looking to package and publish their knowledge in a smart, accessible way. NotebookLM's public sharing update adds an element to the useful AI tool that other big AI names haven't yet given us. While ChatGPT and Claude remain great for personal brainstorming, NotebookLM just became the AI-powered Google Docs alternative we didn't know we needed. If you're ready to try it for yourself, head to NotebookLM and give it a try. Share your thoughts in the comments, I'd love to know what you think of this new upgrade.
