

Encrypted Messages Are Being Targeted, Google Security Group Warns (computerweekly.com)
Google's Threat Intelligence Group notes "the growing threat to secure messaging applications." While specifically acknowledging "wide ranging efforts to compromise Signal accounts," they add that the threat "also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques.
"In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats."
Computer Weekly reports: Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram. Dan Black, principal analyst at Google Threat Intelligence Group, said he would be "absolutely shocked" if he did not see attacks against Signal expand beyond the war in Ukraine and to other encrypted messaging platforms...
Russia-backed hackers are attempting to compromise Signal's "linked devices" capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code. Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim's messages without having to compromise the victim's phone or computer. In one case, according to Black, a compromised Signal account led Russia to launch an artillery strike against a Ukrainian army brigade, resulting in a number of casualties... Google also warned that multiple threat actors have been observed using exploits to steal Signal database files from compromised Android and Windows devices.
The article notes that the attacks "are difficult to detect and when successful there is a high risk that compromised Signal accounts can go unnoticed for a long time." And it adds that "The warning follows disclosures that Russian intelligence created a spoof website for the Davos World Economic Forum in January 2025 to surreptitiously attempt to gain access to WhatsApp accounts used by Ukrainian government officials, diplomats and a former investigative journalist at Bellingcat."
Google's Threat Intelligence Group notes there's a variety of attack methods, though the "linked devices" technique is the most widely used. "We are grateful to the team at Signal for their close partnership in investigating this activity," Google's group says in their blog post, adding that "the latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features."
Supply chain (Score:2)
Secure the supply chain.
Re:Supply chain (Score:4)
Just use an email client supporting GPG encryption and call it a day. Or use ssh to log into a talk session for interactive discussions. That shouldn't be targeted too much since almost nobody uses it in favor of magical apps re-inventing the wheel. /s
Fuck Russia (Score:3, Informative)
But especially, Fuck Putin.
It's absolutely absurd to me that it is agreed upon that heads of state are off limits for targeting. Thousands, hundreds of thousands, millions dead. Most if not all could have been spared with the death of a single head of state. It's completely illogical.
Re: (Score:1)
It's just too easy to do with modern technology, if you start then it doesn't ever stop. Also, no guarantees killing just that guy will have the results you're looking for.
Re: (Score:2)
It's just too easy to do with modern technology, if you start then it doesn't ever stop. Also, no guarantees killing just that guy will have the results you're looking for.
On the one hand, you're right. On the other hand, to play devil's advocate, if it doesn't fix the problem the first time, one could always do it again, and eventually you'd presumably get somebody in power who understands that starting wars means certain death and won't do that. On the third hand, allowing that as a policy could start you down a slippery slope to assassination over trade wars, etc., which would be almost inarguably a bad idea.
A better policy would be to get a bunch of countries together a
Re: (Score:2)
Re:Fuck Russia (Score:4, Informative)
Hey that is no way to talk about Trump’s other boss.
Re: (Score:3)
That back door will be used just as easily as the flaws in authentication that are currently already used.
The only damn solution is to get rid of all the centralized authentication protocols. E2EE without that is a joke, which is why Signal and Telegram are jokes.
Sure, there are hypothetical things like "well you can authenticate out-of-band!", but realistically, that means using another insecure network to transmit credentials.
Authentication on the blockchain is the only solution, a la iMe
Re: (Score:2)
It's absolutely absurd to me that it is agreed upon that heads of state are off limits for targeting.
Okay, let's say the USA deletes Putin. He still has enough loyalists who will make sure Russia responds in kind. Russia's nukes might be held together with duct tape, or they might not. Do you really want to find out?
We absolutely will get rid of heads of state when it's a country where facing significant retaliation isn't a factor and can be done in a way that washes our hands of the actual "killing" part. See Saddam Hussein.
blind trust in the magic of technology (Score:5, Funny)
How secure is secure? (Score:3)
I've been involved in the development of a couple of secure messaging apps with my employers. At the very beginning of development one of our decisions was "how secure is secure?"
We considered three levels: secure against casual snooping, a determined hacker could find their way in, or an app to make the authorities nervous. We decided on the middle level, implementing best current practice with OpenSSL. If somebody wants to steal our customers' secrets that badly they can do it, but it would take some work. We're comfortable with that.
...laura
Putin, if you're listening (Score:2)
We're having chicken tacos for dinner tonight. There, I saved you having to hack into my messages.