Cybercriminals are focusing on Signal users as part of a fresh hacking effort to access their chat backups, according to reports.
On Wednesday, Washington Post analyst Josh Rogin posted a screenshot of a new type of attack targeting Signal users, in which hackers pose as the app's support team and inform the victim that their backed-up messages and media are "at risk of permanent loss because of a synchronization problem." The message instructed the victim to share the recovery key, which is required to access their online backups, by sending it to the attackers.
"This connects your current backup to your account. Not completing this could lead to losing access to your account and all saved data," said the message, which claimed to be from an account named Signal Support.
Rogin mentioned that multiple individuals opposing the Chinese Communist Party have received this harmful message.
Mohammed Al-Maskati, the director at Access Now's Digital Security Helpline, which looks into cyberattacks on journalists, critics, and human rights defenders, mentioned that two individuals sent him comparable messages. Al-Maskati stated that these two are not Chinese activists. This implies that the hacking operation might be broader in scope and targeting other groups, or there could be multiple hacker groups employing the same approach.
It remains uncertain how successful the hacking operation has been. Al-Maskati mentioned that obtaining the victim's recovery keys for their chat backups is just one part of the attack, and that the hackers still need to gain control of the victim's account.
In most cases, this kind of assault depends on phishing targets, which involves deceiving them into providing sensitive and private information to the hackers. In this specific instance, the hackers are posing as Signal's support team to take advantage of the target's trust in the application and the company behind it.
It is crucial to mention that Signal says it "will never initiate contact" with users first, and will never ask for their registration code, PIN, or recovery key. This indicates that any chat claiming to be from "Signal Support" is actually sent by cybercriminals. The organization publicly warned about this specific type of attack last month.
While there have been multiple efforts by hackers to impersonate Signal's support in recent months, this is a new form of attack that specifically focuses on backups, which may include a victim's previous chats, images, and files.
Previous cyberattacks aimed at Signal users sought to take over a user's account and then pose as them, typically with the aim of acquiring the victim's contact list or initiating conversations with others under the guise of the account holder. In these instances, hackers do not gain access to previous messages, as the attacks involve re-registering the victim's account on a device controlled by the attacker. Due to Signal's design, older messages are not visible on the new device.
Cybercriminals may gain control of Signal accounts by taking over a person's phone number, for instance. However, Signal provides optional security features to defend against this type of breach, such as Registration Lock, which stops hackers from connecting a user's number to a new device unless they obtain the user's PIN.
In such a situation, one method to view older messages would be to retrieve the victim's online backup, which necessitates the recovery key.
Last year, Signal launched Secure Backups, a new opt-in feature allowing users to upload their account's data to Signal's servers, encrypted using a recovery key that the organization claims is "never shared with Signal's servers," and "never leaves" the user's device. Signal says users are advised to keep the recovery key safe in a notebook or within a password manager.
"Without your specific recovery key, no one (even Signal) has the ability to view, decode, or retrieve any information stored in your Secure Backup Archive," Signal stated.
This implies that only the user can access their archive in a situation where they set up their account on a new phone, download the encrypted backup from Signal's servers, and then unlock it using the recovery key.
Signal did not provide a response to the request for comment.