Actually, there is very little that Signal can do about the fact that it is once again at the center of a debate about IT security breaches. Russian hackers are said to have potentially been able to read the communications of numerous high-ranking German politicians via messenger. According to information from “Spiegel”, those affected included Bundestag President Julia Klöckner, Education Minister Karin Prien (both CDU) and Construction Minister Verena Hubertz (SPD).
In recent months, German and foreign security services have repeatedly warned of a so-called phishing campaign via Signal. For example, attackers pose as messenger support and demand to enter access data. They apparently targeted the Signal accounts of politicians, civil servants, diplomats, military personnel and journalists. The hackers can use the access data to add additional devices to the Signal account and secretly read conversations or even completely lock out the owners in order to communicate with other contacts on their behalf or to compromise them as well.
It wasn’t Signal that was hacked, it was the politicians
The attackers did not hack the signal messenger or exploit a security hole, but rather the users. In fact, Signal is still considered one of the safest messengers out there. By default, all messages, calls and group chats are end-to-end encrypted using the Signal protocol. This means that neither the operator nor third parties such as telephone providers, secret services or hackers who have taken over the WLAN router can access the content. Even NSA whistleblower Edward Snowden once recommended the service.
Although Signal is American, it tracks differently Whatsapp or other competitors but have no commercial interests, but are supported by the non-profit Signal Foundation. Their purpose is to continue to ensure secure communication.
Nevertheless, calls for a signal ban for politicians are increasing. On Monday, Bundestag Vice President Andrea Lindholz (CSU) called on the Federal Government and the Bundestag to stop using the service in “Bild”. “We should think about banning signals on the official devices of MPs and Bundestag employees,” said Lindholz. According to media reports, out of concern about digital espionage, the EU Commission recently instructed its highest-ranking officials to immediately close a signal group for internal communication. Signal has now announced updates that are intended to make things more difficult for phishing actors.
Signal is not designed for use in authorities
Nobody doubts the security of the encryption protocol. What is more problematic is that Signal is not designed for use in the commercial sector or in authorities, but rather for end consumers. Critics say that Signal was not developed to meet the needs of the public sector. For example, it is about the verification of employees and precise mechanisms as to who is allowed to access which digital resources, data and systems.
In March 2025, the American government came under fire because high-ranking government members exchanged confidential information via the messenger service, including about a planned US attack on Houthi militias in Yemen. However, the editor-in-chief of the US media “The Atlantic” was accidentally invited to the chat group and was able to read the sensitive messages.
Control over the so-called metadata is also an important point. Even with complete encryption, these can, for example, provide information about who communicated with whom and when. Signal critics complain that cyber espionage is much easier to prevent in closed environments.
Many states are working on alternatives
Numerous European countries – including Germany, France, the Netherlands and Belgium – are therefore working on their own messengers for secure use in authorities. In March, Belgium began rolling out the Beam messaging app, developed by the state-backed company Belgian Secure Communications, which will be used by around 750,000 public sector employees. Germany is working with two private sector providers that should have made the use of Signal or Whatsapp superfluous long ago.
On the one hand, there is Wire, a Berlin-based software company founded in 2012. The shareholders include the Schwarz Group, which is known for the discounter Lidl, but is also pursuing ambitious plans in the digital business with Schwarz Digits. Bundestag Vice President Lindholz is also calling for a switch to wire, which offers a “significantly higher” level of security. The Bundestag makes Wire available for official purposes. “Now everyone has to actually use it,” said the CSU politician.
By default, messages sent or calls made via Wire are end-to-end encrypted; the source code of the software is publicly available. Since 2022, the federal government has been testing a version specifically adapted to its needs called “Wire Bund”. The Federal Office for Information Security recently officially approved Wire for use in the “classified information – for official use only” environment, which enables a significantly broader use.
Wire boss: “We had to be tested for three years”
“In order to be certified by the BSI for confidential communication in ministries, we had to undergo three years of testing and have our code checked,” Wire boss Benjamin Schilz told the FAZ last December. Schilz says a security breach like the one the U.S. government experienced with Wire wouldn’t have happened. “Our app is not only safe as a product, but also takes user behavior into account,” explains the Wire boss. If all members of a chat group are authorized to receive documents with the classification level “classified information – for official use only”, a green banner will be clearly displayed to the members. As soon as a user joins or is invited who does not have this permission, this banner will turn red.
But Wire is not the only messenger within the federal government that is designed for security. The Bundeswehr’s IT service provider BWI has developed its own messenger based on the provider Element. Information with the protection class “classified information – for official use only” is also sent via the “Bwmessenger”. Element is based on the Matrix protocol – an open communication protocol that allows the decentralized use of chat, video and IP telephony.
All Matrix-based applications can communicate with each other. More than 25 governments worldwide have adopted matrix-based systems. NATO’s messenger is also based on Matrix. Unlike Wire, for example, matrix-based messengers work decentrally. A user’s data is not on a third-party server, and the user can fully control the software on their own server. If an organization’s server fails, the rest of the network continues to function. This is intended to prevent millions of users from suddenly being unable to communicate with each other due to technical problems.
The fact that there are two solutions within the federal government is causing criticism. The momentum for highly secure alternatives to Teams and Slack or Whatsapp and Signal currently seems to be high after years of rather sluggish implementations. But regardless of whether politicians use Signal, Wire or Element, one IT security truism remains valid: the biggest gateway for hackers remains people.
