- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.
Russia-backed hackers are attempting to compromise Signal’s “linked devices” capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code.
Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim’s messages without having to compromise the victim’s phone or computer.
You must log in or register to comment.
To clarify, there is no compromise of encryption protocols, but they are using social engineering to trick users into giving up their credentials.
Never trust any QR codes, especially ones from an unfamiliar source. All someone needs to do is grab the basic QR code from the login page, send that to you with a simple “Scan to add me as a friend/join our group chat” message, and you’ve inadvertently approved someone to access your account—no “hacking” required. That is what is happening here.
That’s why I like this QR Code scanner because it makes you verify the link before you can visit the link.
