SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach

May 07, 2025 | 2 hr 46 min | Ep. 1024

Episode description

  • Microsoft to officially abandon passwords and support their deletion.
  • Meta's RayBan smart glasses weaken their privacy terms.
  • 30% of Microsoft code is now being written by AI.
  • Google says prying Chrome from it will damage its security.
  • Nearly 1,000 six-year-old eCommerce backdoors spring to life.
  • eM Client moves to version 10.3.
  • A bunch of terrific listener feedback creates talking points.
  • A little-known, insecure message archiving service comes to light.

Show Notes - https://www.grc.com/sn/sn-1024-notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Transcript

Don’t Blame Signal: The Breach Wasn’t Their Fault

May 7th 2025

Generated by AI, reviewed by a human. 

In the latest episode of Security Now, Steve Gibson sheds light on a high-profile data breach that has led to significant confusion—and unfairly dragged the Signal messaging platform into the spotlight for the wrong reasons.

The controversy stems from a modified version of Signal’s open-source code that was developed by a U.S. government contractor. This derivative app, named TM SGNL, was designed for internal agency use and was not affiliated with or approved by the Signal Foundation. Unfortunately, TM SGNL lacked the robust security architecture of the original Signal app. It had been significantly altered, resulting in a far less secure messaging system.

Earlier this year, TM SGNL was compromised in a data breach that exposed sensitive communications from multiple U.S. government agencies. Rather than clearly identify the insecure clone as the source of the breach, many headlines and news reports referred simply to “Signal,” creating the false impression that the widely trusted secure messaging platform had failed.

In reality, Signal was never involved in the breach. Its infrastructure, encryption model, and application remained untouched and uncompromised. The only connection was that Signal’s freely available open-source code had served as the starting point for TM SGNL’s development. From there, the contractor made critical changes—removing safeguards and weakening security measures—which ultimately led to the app’s vulnerability.

This situation highlights a recurring challenge in tech journalism: the distinction between an original open-source project and derivatives built from it is often lost in reporting. When high-profile platforms like Signal are named in stories where they played no operational role, public trust in privacy-focused tools can erode unnecessarily.

Steve Gibson takes time in the episode to walk through the timeline of the TM SGNL breach, clarifying what the app actually was, how it deviated from Signal, and why the breach should never have been framed as a failure of Signal itself. The takeaway is clear: strong encryption and open-source transparency are not to blame here—poor implementation and miscommunication are.

This segment is a must-listen for anyone interested in privacy, secure communications, and the nuances of open-source development. But it’s only one part of an information-packed episode. The show also explores dormant Magento plugins weaponized after six years, confusing behaviors around browser logins, a powerful new speed test tool from Cloudflare, and the latest progress on SpinRite.

You can hear the full breakdown and more on Security Now #1024, available now on TWiT.tv or wherever you get your podcasts.

Security Now #1024
May 6 2025 - Don’t Blame Signal
The Real Story Behind the TM SGNL …
Transcript source: Provided by creator in RSS feed: download file