
Russia-aligned hackers target Signal users with device-linking QR codes

    Signal remains relatively secure as an encrypted messaging app and protocol. But Signal's growing popularity as a tool for evading surveillance has led Russia-aligned actors to manipulate the app's users into secretly linking their devices, according to Google's Threat Intelligence Group.

    While Russia's ongoing invasion of Ukraine is probably driving the country's desire to work around Signal's encryption, “We expect that the tactics and methods used to target Signal will grow in prevalence in the short term and proliferate to additional threat actors and regions outside the Ukrainian theater of war,” writes Black on Google's threat intelligence blog.

    The report did not mention any vulnerability in Signal. Almost all secure platforms can be overcome by some form of social engineering. Microsoft 365 accounts were recently shown to be the target of “device code flow” OAuth phishing by Russia-related threat actors. Google notes that the latest versions of Signal include features designed to protect against these phishing campaigns.

    The primary attack channel is Signal's “linked devices” feature, which lets one Signal account be used on multiple devices, such as a mobile device, desktop computer and tablet. Linking typically takes place via a QR code prepared by Signal. Russia-aligned actors have posted malicious “linking” QR codes disguised as group invitations, security warnings or even “specialized applications used by the Ukrainian army,” says Google.

    APT44, a Russian state hacking group within that state's military intelligence agency, the GRU, has also worked to enable Russian invasion forces to link Signal accounts on devices captured on the battlefront for future exploitation, Google claims.