Signal: Dangerous group invitations from the adversary

Google warns of attacks on Ukrainian Signal users. But the method also works with other popular apps and users.

What if the wrong people not only hear the signals, but also follow them? Since the start of Russia's major attack on Ukraine almost three years ago, the country has been an intensive user of the Signal app for secure and encrypted communication. That Russian intelligence services and their helpers go to great lengths to spy on targets comes as no surprise, but the specifics of how they do so provide important clues.

Google's Threat Intelligence Group is now warning of attacks using manipulated invitations to group conversations. These are used to link an attacker's device to the account of the attacked user, without the user noticing. All it takes is a few lines of JavaScript, and the attacked user's communication can be followed by third parties. This path should already be blocked in current versions of Signal. Nevertheless, Google recommends regularly checking the “paired devices” list for unauthorized devices.

The Google security researchers also warn of other variants of attacks on the messenger app. For example, QR code phishing attacks are being used to target users in Ukraine. A further security risk described is captured devices that fall into the hands of the attackers during combat operations and are then used for further attacks on Ukrainian users or software-based infrastructures.

Software-defined defense plays a central role for Ukraine: the rapid exchange of information on specific infrastructures allows decisions to be made on the efficient use of resources almost in real time. While many soldiers and citizens in Ukraine still relied on the Telegram app at the start of the Russian invasion in 2022, security-related use later largely shifted to Signal.

Google's security specialists warn that such attack methods will not be limited to Ukraine: “We believe it is very likely that these tactics will spread beyond Ukraine and be used worldwide in the near future,” says chief analyst Dan Black. Nor are the threats limited to Signal; they also affect other messengers such as WhatsApp and Telegram.

These have also been targeted by groups attributed to Russia in recent months. According to the Google Threat Intelligence Group, the Signal developers cooperated intensively with their security researchers, and the Indicators of Compromise are part of the publicly accessible report by the Google security researchers.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.