iPhone blamed for including journalist in highly classified bombing plans

AppleInsider

National Security Advisor Mike Waltz has blamed his iPhone for accidentally inviting a journalist into a secret discussion of a strategic military strike.

The Signal app promises secure and encrypted chats between users.

Jeffrey Goldberg, editor of The Atlantic magazine, accepted a March 13 invitation from Waltz that was intended for National Security Council spokesperson Brian Hughes. Goldberg then reported on the chat, revealing that the administration used the Signal app for what should be considered classified information.

A report published in the UK by The Guardian explained exactly how the error in inviting Goldberg occurred. The journalist was accidentally included because Waltz accepted an iPhone-suggested updated contact number in Hughes' original missive, thinking it was an updated number for Hughes -- when in fact it was the number for Goldberg.

Goldberg thus received Hughes' invitation to the Signal chat among White House advisors. Goldberg's resulting article revealed the name of the chat -- "Houthi PC small group" -- and that plans were discussed for an upcoming military strike against the Houthis in Yemen.

The current administration is not the only one to have relied on Signal. The Biden administration also used it, because the government does not have its own system and Signal is considered one of the most secure messaging platforms.



Read on AppleInsider

luis.a.masanti

Greeks killed the messenger of bad news… but the bad news remained!
This ‘advisor’ blames his iPhone… but the bad news remains!

lollercoaster

AppleInsider said:

National Security Advisor Mike Waltz has blamed his iPhone for accidentally inviting a journalist into a secret discussion of a strategic 

…

A report published in the UK by The Guardian explained exactly how the error in inviting Goldberg occurred. The journalist was accidentally included because Waltz accepted an iPhone-suggested updated contact number in Hughes' original missive, thinking it was an updated number for Hughes -- when in fact it was the number for Goldberg.

I don’t know…is it possible that the error occurred because he was using Signal instead of an actual approved platform…where shit like this wouldn’t happen? Just a thought!

dewme

This was a stupid mistake by someone who should have known better. If I made this mistake I would have had my security clearance revoked. Since my job was contingent on having a security clearance I would have lost my job - instantly. 

You can’t blame the technology for this mistake. It doesn’t matter how secure or not secure a particular public or open source communication platform is for these types of transactions. Any communication mechanism used for official communication at these levels of security must be certified as such by the agencies who are responsible for maintaining security. That means controlling both ends of the pipe. 

Secure communication can take place over unsecured connections using black channel methods and certified encryption. Relying on someone else’s definition of security is just plain stupid. It doesn’t matter if Signal has great encryption, the conveyance of classified information has to be secure based on the security needs of the endpoints, not the channel. 

Unless the US government and DOD owns the channel and has certified that the channel security itself provides defense in depth regardless of the endpoints, it should not be used. At the very least, they should have encrypted the messages using their own public/private keys (that had expiries appropriate to the duration of the task) before putting them on Signal. In that case any communications sent to the wrong recipient would be protected. But even doing that would be a security violation if use of Signal had not been authorized. 

The party that screamed for jail time for a previous candidate for a far less damaging concern has no right to sweep this verified breach under the rug. There is no hypothetical “what if” here. This was a major violation of security practices by top officials of the US government, not some E1 fresh out of boot camp. Our entire model of responsibility and accountability at the top levels of US government is totally absurd. Having so many amateurs in key top level posts who show such little regard for protecting the US and allies from outside threats is unforgivable and derelict. 

edited April 6

chasm

lollercoaster said:

don’t know…is it possible that the error occurred because he was using Signal instead of an actual approved platform…where shit like this wouldn’t happen? Just a thought!

That's the problem in a nutshell ... there apparently isn't an approved texting program for secure government communications. There's certainly a secure email system, and approved secure phone lines, but no texting platform for sensitive discussions -- hopefully this will inspire the administration to make one.

To be fair to Signal, the problem isn't the program. It's E2EE, so this is technically all that's needed. You just gotta have a way to better vet who is in on the chat.

mattinoz

They need to dig up, not down, to get out of the hole.

applezulu

chasm said:

lollercoaster said:

don’t know…is it possible that the error occurred because he was using Signal instead of an actual approved platform…where shit like this wouldn’t happen? Just a thought!

That's the problem in a nutshell ... there apparently isn't an approved texting program for secure government communications. There's certainly a secure email system, and approved secure phone lines, but no texting platform for sensitive discussions -- hopefully this will inspire the administration to make one.

To be fair to Signal, the problem isn't the program. It's E2EE, so this is technically all that's needed. You just gotta have a way to better vet who is in on the chat.

Taking at face value the suggestion that there is no secure government texting app, the answer isn’t that it was therefore ok to use Signal, but that they should’ve used one of the less convenient but actually secure methods instead. National security isn’t just a matter of convenience. They also shouldn’t have been sending this type of information on personal cell phones.  If the Guardian story is accurate, this is the original cause of the error. A properly secured government device would not have security holes like “Siri suggestions” enabled in the first place, preventing just this sort of error.

cpsro

Government employees aren’t supposed to use Signal for policy discussions or war plans, because it doesn’t conform with the Presidential Records Act. The Biden administration knew this too and his staff were authorized to use Signal only for inconsequential communications like restaurant plans. 

jdiamond

Also ignored the part where he claimed they were all clear because the texting group had been vetted. 

I can relate - something weird about iOS 18 - it's been giving me all kinds of incorrect suggestions of who it thinks someone is.

rob53

AppleInsider said:

The current administration is not the only one to have relied on Signal. The Biden administration also used it, because the government does not have its own system and Signal is considered one of the most secure messaging platforms.

It's my understanding that the White House cyber security group is handled by DoD. It sounds like you're saying the White House ("government") doesn't have its own system when it absolutely does. The White House is not allowed to use any unclassified network or device when discussing anything remotely classified. The idiots in the White House who said it was only sensitive, not classified, need to re-take their security courses because even sensitive communications are only allowed to be used on government controlled systems. Mike Waltz is an idiot and should have been immediately fired. DoD rules do NOT allow Signal to be used on government mobile devices, they (might) be allowed on personal devices but can't be allowed when conducting any business. I don't care what Biden used but I know our government is required to use restricted access computer devices and I'm sure the government's mobile device management system doesn't include easy access to the Apple App Store or any Google app store. Generally, government phones are locked to a point where the user is unable to add apps to their government phone. I worked for a large DOE contractor and personal phones were NEVER allowed for business use. We would carry two phones, one personal and one government and we never used a personal phone for government business. If we did, it was cause for immediate firing and possible arrest.

9secondkox2

It’s shocking that the government has been without a secure, closer messaging system. 

That’s wild. 

It is annoying how apps snd suggestiins get so jacked up sometimes. 

But this kind of thing highlights the absolute need for the government and military to have a closed, secure, encrypted messaging app. 

zimmermann

9secondkox2 said:

It’s shocking that the government has been without a secure, closer messaging system. 

That’s wild. 

It is annoying how apps snd suggestiins get so jacked up sometimes. 

But this kind of thing highlights the absolute need for the government and military to have a closed, secure, encrypted messaging app. 

Reading the other posts:
- the government has secure communication methods, but weren’t used;
- they used personal phones to message each other that also is not allowed;

So: blaming an iPhone is childish: “it wasn’t me”. 

ciaranf

This is clearly the users fault and not the device. What a stupid and silly excuse to use to try and wrangle your way out of trouble.

“A good tradesman never blames his tools.”

eriamjh

Steve Jobs: “You’re using it wrong.”

rob53

CiaranF said:

This is clearly the users fault and not the device. What a stupid and silly excuse to use to try and wrangle your way out of trouble.

“A good tradesman never blames his tools.”

I agree, it was the users fault but you need to understand that they also used the wrong "tool". The current Cabinet is inept, filled with worthless trump-suckups who haven't the faintest idea how to do anything. Government computer and cyber security regulations can't do anything when they aren't followed. They obviously didn't use devices configured for classified discussions, they used personal devices on the Internet, which is NOT approved for any government classified discussions. Signal is not approved for classified discussions. Apple Messages isn't either. Our government has had a secure, classified communications system for decades. Initially it was based on specially configured Blackberry phones using a very secure Blackberry cellular communications server. trump doesn't care about anything and neither does his Cabinet. I suggest everyone read these two Blackberry blogs:

https://blogs.blackberry.com/en/2025/03/secure-communications-realities-governments
https://blogs.blackberry.com/en/2025/02/blackberry-uem-achieves-nsa-commercial-solution-classified-designation

This doesn't mean our government is still using Blackberry phones but they continue to use Blackberry backend systems. There needs to be an official investigation of the entire Signal chat session using non-government inspectors. We all know the current DOJ will not investigate anything trump, et al., are doing so we need a third-party organization to do it. There are non-government organizations with Top Secret access who regularly monitor government organizations. One of these needs to investigate everything that happened so Americans know how stupid our current administration is.

applezulu

9secondkox2 said:

It’s shocking that the government has been without a secure, closer messaging system. 

That’s wild. 

It is annoying how apps snd suggestiins get so jacked up sometimes. 

But this kind of thing highlights the absolute need for the government and military to have a closed, secure, encrypted messaging app. 

The government has closed, secure, encrypted means of communication. What this thing highlights is the fact that no one in this administration’s entire cabinet-level national security team took their very, very recent security training seriously and so none questioned the use of signal on personal phones or demanded that they move the conversation to an appropriate venue. 

It further suggests that this isn’t the only time they’ve done this, so you can be sure that foreign intelligence organizations have surely been monitoring everything closely all along. 

jfabula1

It happened to me several times, this suggestions when composing chat must have secondary “are you sure” safety before adding.
good thing it’s just for my friends…otherwise I’ll be sleeping in the dog house…not funny at all

daalseth

He’s paid to not F-up. He f-ed up and is trying to blame the phone, that he should NOT have been using to conduct secure government business in the first place. That sounds like three strikes to me, but I suspect there will be no repercussions.

moparsteve

Setting aside the inappropriateness of the channel used for the "discussion", was this discussion really needed or relevant?  I must confess I did not read all of the chat that's available, but it seems like it was mainly a giddy "Bro" chat, making the potential of exposing sensitive information all that more offensive.

radarthekat

eriamjh said:

Steve Jobs: “You’re using it wrong.”

In this case, “you’re using it.”

radarthekat

President Trump's Ukraine and Middle East envoy Steve Witkoff was in Moscow, where he met with Russian President Vladimir Putin, when he was included in a group chat with more than a dozen other top administration officials.

All while using personal phones with at least one member improperly having used Siri to add a contact to his signal list.  

Anything else the administration wants to admit to?