this post was submitted on 23 Feb 2025
61 points (90.7% liked)

Privacy

901 readers
301 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote proprietary software.
  5. No crypto, blockchain, etc.
  6. No Xitter links. (only allowed when can't fact check any other way, use xcancel)
  7. If in doubt, read rule 1

Related communities:

founded 3 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
61
Warning over privacy of encrypted messages as Russia targets Signal Messenger (www.computerweekly.com)
submitted 10 hours ago* (last edited 1 hour ago) by fxomt@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com
9 comments fedilink hide all child comments
 

A lot of people seem to be confused so to clear up: They haven't broken encryption. They are phishing using malicious QR codes.

Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.

Google Threat Intelligence Group disclosed today that Russia-backed hackers had stepped up attacks on Signal Messenger accounts to access sensitive government and military communications relating to the war in Ukraine.

Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram.

you are viewing a single comment's thread
view the rest of the comments
[–] evilcultist@sh.itjust.works 68 points 10 hours ago (4 children)

To be clear: these are phishing techniques. They aren’t breaking the encryption, they’re getting the user to let them in.

[–] fxomt@lemmy.dbzer0.com 6 points 10 hours ago (2 children)

Yes; they are not breaking it, but they have developed malicious QR codes, which the user expects to be the link device QR, but is actually giving them access to their messages.

Russia-backed hackers are attempting to compromise Signal’s “linked devices” capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code.

Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim’s messages without having to compromise the victim’s phone or computer.

[–] andyburke@fedia.io 5 points 8 hours ago (1 children)

Who is scanning random qr codes into signal?

[–] ocean@lemmy.selfhostcat.com 4 points 7 hours ago

I scam every one I see

load more comments (1 replies)