Flash Sale! Unlimited Digital Access - $5 for the first month

NSA warning says your iPhone, Android settings may leave ‘secure’ messages open for attack

NSA warns of text message settings

The NSA says settings on your iPhone or Android may leave your secure messaging service vulnerable for an attack. (Matt Durr | MLive.com)

By

If you’re one of the millions of people who use secure messaging apps to send and receive calls and texts, your information may not be as protected as you think.

Interest in secure messaging apps vulnerabilities has spiked after it was revealed last month that national security officials inadvertently included a journalist in a Signal chat that included war plans. The mistake came just weeks after the National Security Agency issued a warning to government officials regarding hackers attempting to use Signal as a way to spy on encrypted conversations.

According to Forbes, the issue isn’t with the apps themselves, but settings on your phone may unknowingly make the device vulnerable to a cyber attack. In particular, the settings involving the linked devices and group links features may expose users who think all their information is protected.

The linked device feature allows for a user to access their account from multiple devices. Each linked device can establish a fully synced replica of the messages, meaning if a hacker is able to link their device to your account, your messages are no longer secure.

Both WhatsApp and Signal have settings that will allow you to see what devices are linked and to remove them if necessary. Your primary phone is considered the base and can remove any other device linked to your account. If you notice a device you don’t recognize that is linked to your account, you should remove it immediately.

Group link is available for Signal and allows for users to invite others to a group using a link. Hackers have exploited a vulnerability in the coding that allows these links to link devices to user accounts. So if you receive an unknown link and click on it, a hacker may be able to link their device to your account.

Disabling this feature for a Signal chat will prevent group members from being able to share an invite link. WhatsApp does not have a disable link feature, but you can change the group settings so that only an administrator can add or remove members. Again, even if a hacker were to link their device to your account, your primary phone will be able to remove them.

In its suggestion for government workers, the NSA suggests making regular changes to your app PIN and to enable the screen lock. You should not share contact or status info, and are advised to keep phone and app contacts separate.

For more steps you can take to protect your phone and information, you can also view the Cybersecurity and Infrastructure Security Agency’s (CISA) best practices for mobile communication.

Stories by Matt Durr

If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your clicks, interactions, and personal information may be collected, recorded, and/or stored by us and social media and other third-party partners in accordance with our Privacy Policy.