Privacy

1508 readers

66 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

[email protected]

Warning over privacy of encrypted messages as Russia targets Signal Messenger (www.computerweekly.com)

submitted 1 week ago by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.

Russia-backed hackers are attempting to compromise Signal’s “linked devices” capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code.

Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim’s messages without having to compromise the victim’s phone or computer.

top 2 comments

sorted by: hot top controversial new old

[–] [email protected] 50 points 1 week ago (1 children)

To clarify, there is no compromise of encryption protocols, but they are using social engineering to trick users into giving up their credentials.

Never trust any QR codes, especially ones from an unfamiliar source. All someone needs to do is grab the basic QR code from the login page, send that to you with a simple "Scan to add me as a friend/join our group chat" message, and you've inadvertently approved someone to access your account—no "hacking" required. That is what is happening here.

[–] talentedkiwi 9 points 1 week ago

That's why I like this QR Code scanner because it makes you verify the link before you can visit the link.