Signal’s Growing Popularity Attracts Russian Surveillance Efforts
Signal’s Encryption Remains Intact, but Users Must Be Cautious
Signal, an encrypted messaging app and protocol, remains relatively secure. However, its growing popularity as a tool to circumvent surveillance has led agents affiliated with Russia to attempt to manipulate users into surreptitiously linking their devices.
Russia’s Interest in Signal’s Linked Devices Feature
The primary attack channel is Signal’s "linked devices" feature, which allows one Signal account to be used on multiple devices. Linking typically occurs through a QR code prepared by Signal. Malicious "linking" QR codes have been posted by Russia-aligned actors, masquerading as group invites, security alerts, or even "specialized applications used by the Ukrainian military," according to Google.
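A defender-side check for the lure described above, as an added example that is not from Google's report or Signal's own code: it classifies the text decoded from a QR code and flags a device-linking URI that is presented as something else. The `sgnl://linkdevice` and `tsdevice:` URI forms and the `signal.group` invite host are assumptions taken from Signal's public clients; the purpose labels and sample payloads are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed URI forms (from Signal's public clients, not stated on this page).
LINK_SCHEMES = {"sgnl", "tsdevice"}
GROUP_HOST = "signal.group"


def classify_qr_payload(payload: str) -> str:
    """Return 'device_link', 'group_invite' or 'other' for decoded QR text."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    query = parse_qs(parts.query)  # blank values are dropped by default
    if scheme in LINK_SCHEMES:
        # sgnl:// uses a 'linkdevice' host; the older tsdevice:/ form has none.
        host_ok = scheme == "tsdevice" or parts.netloc.lower() == "linkdevice"
        if host_ok and "uuid" in query and "pub_key" in query:
            return "device_link"
        return "other"
    if scheme == "https" and parts.hostname == GROUP_HOST and parts.fragment:
        return "group_invite"
    return "other"


def triage(claimed_purpose: str, payload: str) -> dict:
    """Compare what a QR code is presented as with what it actually encodes."""
    actual = classify_qr_payload(payload)
    # A linking URI is only expected when the user set out to link a device.
    suspicious = actual == "device_link" and claimed_purpose != "link_device"
    return {"claimed": claimed_purpose, "actual": actual, "suspicious": suspicious}


# Constructed samples: (how the code was presented, decoded QR text).
SAMPLES = [
    ("group_invite", "https://signal.group/#CONSTRUCTED-INVITE"),
    ("group_invite", "sgnl://linkdevice?uuid=CONSTRUCTED-UUID&pub_key=CONSTRUCTED-KEY"),
    ("security_alert", "tsdevice:/?uuid=CONSTRUCTED-UUID&pub_key=CONSTRUCTED-KEY"),
    ("link_device", "sgnl://linkdevice?uuid=CONSTRUCTED-UUID&pub_key=CONSTRUCTED-KEY"),
]

if __name__ == "__main__":
    for claimed, payload in SAMPLES:
        print(triage(claimed, payload))
```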
APT44’s Involvement in Russian Surveillance Efforts
APT44, a Russian state hacking group within the GRU, has also worked to enable Russian invasion forces to link Signal accounts on devices captured on the battlefront for future exploitation, Google claims.
Phishing Campaigns and Social Engineering
Google's report does not mention any vulnerability in Signal itself. Nearly all secure platforms can be overcome by some form of social engineering. Microsoft 365 accounts were recently revealed to be the target of "device code flow" OAuth phishing by Russia-related threat actors. Google notes that the latest versions of Signal include features designed to protect against these phishing campaigns.
Conclusion
Signal’s growing popularity has attracted the attention of Russian surveillance efforts. With its linked devices feature, users must be cautious of malicious QR codes and phishing campaigns. Google’s Threat Intelligence Group warns that the tactics and methods used to target Signal will likely grow in prevalence and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
FAQs
Q: Is Signal’s encryption compromised?
A: No, Signal’s encryption remains intact.
Q: What is the primary attack channel?
A: The primary attack channel is Signal’s "linked devices" feature, which allows one Signal account to be used on multiple devices.
Q: What is the goal of the malicious QR codes?
A: The goal is to surreptitiously link devices to Russian-controlled servers for future exploitation.
Q: What is APT44’s role in Russian surveillance efforts?
A: APT44, a Russian state hacking group within the GRU, has worked to enable Russian invasion forces to link Signal accounts on devices captured on the battlefront for future exploitation.

