“`
the messenger app Signal is actually considered quite secure due to its end-to-end encryption and open source code. Nevertheless, the Federal Office for the Protection of the Constitution and the Federal Office for Information Security are currently warning of a targeted phishing campaign that does not circumvent these security mechanisms technically, but rather through social manipulation. The warning is unusually clear and is expressly aimed at users who have already been potentially affected.The core of the attacks is fake news that masquerades as official information from Signal.in a common variant, an alleged Signal chat bot reports in English saying that the user account has been compromised. Recipients will be asked to enter their signal PIN and re-register. Another version claims that paired devices need to be relinked for security reasons.However, the links or QR codes provided do not lead to signal, but rather allow the attackers to access the account.
The design of the messages is especially perfidious. They contain explicit warnings not to pass on the PIN to other people, but only to communicate with Signal itself. According to the security authorities, it is precisely this information that increases the credibility of the message and lowers the inhibition threshold to follow the instructions it contains. technically, the attackers are not exploiting a vulnerability in the Signal software itself, but are instead abusing the registration and device linking mechanisms to take over accounts.
According to the joint warning message from the BfV and the BSI, it is most likely a state-controlled cyber actor. One of the reasons for this is the selection of target persons. Those primarily affected are high-ranking political, military and diplomatic actors as well as investigative journalists in Germany and other European countries. The authorities assume that this is a coordinated campaign aimed at intelligence analysis of sensitive communications.
Successful access to a Signal account not only allows viewing confidential individual chats. Depending on the dialogue structure, entire networks can also be compromised, for example by reading group chats, collecting metadata or deliberately distributing manipulated messages in the name of the person concerned.This creates a significant risk for the confidentiality of professional and private communication.
Against this background,the federal Office for the Protection of the Constitution and the BSI expressly call on users who have already responded to such a message or entered their PIN to contact the authorities. Provides instructions and further information the joint warning message ready. At the same time, it is emphasized that Signal itself never asks for PINs via chat and that security-relevant actions only take place within the app without external links or QR codes.
“`