Signal security under scrutiny after months-long spying of German politicians’ Signal groups
German federal politicians’ Signal security has been called into question after reports that attackers secretly accessed Signal groups for months, prompting a federal espionage probe.
Strong reporting that emerged this week indicates that attackers infiltrated Signal groups used by members of the German federal government, renewing scrutiny of Signal security and account-recovery procedures. The Federal Prosecutor’s Office (Bundesanwaltschaft) has opened an investigation on suspicion of espionage, and authorities say the operation targeted political communications across multiple accounts. The revelations come amid longer-standing warnings from domestic and foreign intelligence services about a wave of phishing attacks aimed at exfiltrating messaging accounts.
Federal Prosecutor Opens Espionage Probe
The Bundesanwaltschaft confirmed it had launched an inquiry after allegations of covert access to encrypted messaging groups surfaced. Prosecutors are reportedly treating the incident as a potential state-level espionage matter because the alleged victims include high-ranking officials. Investigators will seek to determine how accounts were compromised, who benefited from the access and whether classified or politically sensitive information was obtained.
Alleged Targets Included Cabinet Members and Parliamentary Leadership
According to detailed accounts circulating in German media, the compromised groups included the Signal accounts of several federal politicians across party lines. Names reported as affected include Federal Education Minister Karin Prien, Federal Construction Minister Verena Hubertz and the President of the Bundestag, Julia Klöckner. Officials have not publicly confirmed all details of exposure, but the mix of roles cited — ministers and parliamentary leadership — elevates concerns about the scope and motive of the intrusions.
Phishing Campaign Appears to Exploit Account-Recovery Weaknesses
Security analysts say the attackers used targeted phishing techniques to obtain authentication tokens or to trick carriers and service providers into enabling account takeovers. While Signal uses strong end-to-end encryption for message content, account registration relies on possession of a phone number and the single-use registration codes sent to that number. Threat actors can abuse social-engineering routes, SIM-swapping, or fraudulent requests to intercept those codes and register devices in a victim’s name, sources familiar with such operations explain.
Intelligence Services Had Issued Prior Warnings
German and allied intelligence agencies flagged a rising trend of phishing operations targeting politicians, diplomats, military personnel and journalists in recent months. Those warnings advised officials to tighten recovery procedures, enable additional safeguards and limit the use of common phone numbers for sensitive accounts. Despite the alerts, investigators suggest the scale and persistence of the campaign may have outpaced existing protective measures across multiple institutions.
Implications for Political Communication and Trust
The incident has immediate implications for how politicians communicate about policy, personnel and national security matters. If messaging groups used for coordination were accessed, adversaries could gain insight into strategy, negotiation positions or personnel movements. The breach risk also erodes public confidence in the confidentiality of political communications and may prompt parties and ministries to reassess which platforms are appropriate for official use.
Calls Grow for Stronger Technical and Administrative Safeguards
Security experts and some lawmakers are urging rapid adoption of measures such as hardware-based authentication keys, dedicated government lines with hardened carrier procedures, and stricter rules for account recovery. Training and phishing-resistance programs for political offices are also being recommended to reduce successful social-engineering attempts. Agencies may also consider restricting the use of consumer messaging apps for sensitive coordination until robust, account-level protections are universally deployed.
Ongoing Inquiries and Potential Political Consequences
Investigators face the twin tasks of establishing the technical method of compromise and mapping the operational impact of the intrusions. Political leaders have signaled the matter will be taken seriously; oversight committees and party headquarters are expected to review internal practices. If evidence confirms foreign intelligence involvement, the episode could trigger diplomatic responses or renewed calls for legislation on secure communications for public officials.
The investigation is in its early phase and many questions remain about who carried out the campaign and what specific information was accessed. Officials have warned that as attackers refine social-engineering tactics, elected representatives and staff must treat account security as an essential element of democratic resilience.
