Fri Apr 04 16:20:00 UTC 2025: ## Secure Messaging Apps Vulnerable to Hacks Due to User Settings, NSA Warns
**Washington D.C.** – The National Security Agency (NSA) has issued a warning that settings on iPhones and Android devices could leave users of secure messaging apps like Signal and WhatsApp vulnerable to hacking. The warning follows a recent incident where national security officials inadvertently included a journalist in a secure Signal chat containing sensitive war plans.
The vulnerability, according to the NSA and Forbes, doesn’t lie within the apps themselves, but rather in user settings related to linked devices and group links. The “linked devices” feature, which allows access to an account from multiple devices, creates a security risk. If a hacker gains access to a linked device, they can access all messages. Both WhatsApp and Signal allow users to review and remove linked devices from their accounts.
Signal’s “group link” feature, which allows users to invite others to a group via a link, presents another vulnerability. Hackers can exploit this feature to link their devices to user accounts. Disabling this feature is recommended, although WhatsApp lacks a similar disable function; however, administrators can control who can add or remove members to mitigate the risk.
The NSA advises government employees, and by extension all users, to regularly change app PINs, enable screen locks, avoid sharing contact or status information, and keep phone and app contacts separate. The Cybersecurity and Infrastructure Security Agency (CISA) offers additional best practices for mobile communication security. The agency stresses that even if a hacker links their device, the primary phone can remove the unauthorized access. Users are urged to regularly check their linked devices and immediately remove any unrecognized entries.
First Piper 