Hackers Exploit Signal's Linked Devices Feature via Malicious QR Codes \ stacker news ~security

pull down to refresh

Hackers Exploit Signal's Linked Devices Feature via Malicious QR Codes thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html

400 sats \ 4 comments \ @ch0k1 19 Feb security

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.

"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple devices concurrently," the Google Threat Intelligence Group (GTIG) said in a report.

view all related items

21 sats \ 3 replies \ @kepford 20 Feb

it's tracking as UNC5792, have resorted to malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance.

As a result, future messages get delivered synchronously to both the victim and the threat actor in real-time, thereby granting threat actors a persistent way to eavesdrop on the victim's conversations. Google said UAC-0195 partially overlaps with a hacking group known as UAC-0195.

So basically they are tricking users into scanning malicious QR. The users think they are joining a group but are adding a new device. Clever.

0 sats \ 2 replies \ @kepford 20 Feb

Easy way to avoid this is to frequently check linked devices list and revoke devices you aren't using.

51 sats \ 1 reply \ @ch0k1 OP 20 Feb

Ideally you should have only one or maximum two devices (phone and computer) attached to both Telegram or Signal. I just don't see it practical for adding other devices

0 sats \ 0 replies \ @kepford 20 Feb

For sure.