Attack via Signal: BfV and BSI warn politicians, military personnel, diplomats
An attack on users of the Signal messenger, which became known last week, targets members of the Bundestag and other important individuals.
The Federal Office for the Protection of the Constitution and the Federal Office for Information Security are jointly warning of a phishing attempt by a presumably state-sponsored or state-controlled attacker in the Signal messenger.
"High-ranking targets from politics, military, and diplomacy, as well as investigative journalists in Germany and Europe, are the focus," states a security notice sent to the Bundestag and its members, among others. "The currently observed attack campaign is to be classified as security-relevant, especially with regard to high-ranking target individuals."
Legitimate security functions are being misused for the attack – but these require user cooperation. Comparable procedures would also work with WhatsApp, warn the two authorities, of which the BfV is responsible for espionage and the BSI for federal cybersecurity.
First variant leads to account loss
One of the two attack variants described follows an extremely simple pattern: a purported support bot or support team contacts users, claiming that their device security is at risk. Their device would be safe, the message says, only if they immediately transmit their security PIN or a verification SMS. If the contacted individuals comply, the attackers use the account from that moment on in an environment they control. Anyone who then writes to the account is writing only to the attackers. The attackers do not, however, gain access to the user's contacts or previous chat content. Recovery of the account by the user is no longer possible.
Second variant allows further access
However, BfV and BSI also warn of a second variant, in which content and contacts can be compromised as well. The attackers use a pretext to get the targeted user to scan a QR code. Scanning it, however, authorizes the attackers to link a new device to the account, which gives them access to messages and content from the past one and a half months and allows them to read current messages. They can also send messages in the victim's name and thus reach further potential victims.
Given the reports of sightings of the attacks, this does not appear to be a very targeted attack on individual actors, but rather a scattershot approach. Since Signal does not have access to end-to-end encrypted messages and does not perform client-side scanning for spam or phishing, it relies on the attention of its users not to fall for such attempts.
(mack)