Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
TechCrunch has learned that hackers are targeting Signal users in an attempt to steal their chat backups as part of a new hacking campaign.
Washington Post analyst Josh Rogin said on Wednesday Post a screenshot A new type of attack against Signal users, where hackers pretend to be the app’s support team and warn the target that backed up chats and media are “at risk of permanent loss due to a sync issue.” To avoid this, the message says, the target needs to share the recovery key used to access online backups in chat with the hackers.
“This links your current backup to your account. Failure to do so may result in losing access to your account and all stored data,” read the message that purports to come from an account called Signal Support.
Rogin said that many anti-Chinese Communist Party activists received this malicious message.
Mohammed Al Maskati, Access Now’s Director Digital Security HelplineHe, who investigates cyberattacks against journalists, dissidents and human rights activists, told TechCrunch that two people shared similar messages with him. Al-Maskati said that the two are not Chinese activists. This suggests that the hacking campaign may be more widespread and targeting other communities, or there may be different groups of hackers using the same strategy.
It is not clear how effective the hacking campaign was. Al Maskati said stealing the victim’s recovery keys for their chat backups is only one step in the attack, and the hackers still have to take control of the victim’s account.
In general, this type of attack depends on Phishing Targets, which means tricking them into sharing some important and private information with hackers. In this particular case, the hackers are posing as Signal’s support team to exploit the target’s trust in the app and the organization behind it.
It is important to note that Signal He says It will never reach users first, and We will never ask To obtain your registration code, PIN, or recovery key. This means that any conversation that pretends to be coming from Signal Support is actually coming from malicious hackers. Organization Publicly warned About this exact type of attack last month.
Contact us
Do you have more information about these attacks against Signal users? Or other similar attacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Email.
While there were several campaigns Hackers Impersonation Signal backup in recent months is a new type of attack because it specifically targets backups, which can contain the victim’s old chats, photos and documents.
Previous hacking campaigns targeting Signal users have attempted to steal the victim’s account and then impersonate them, often with the potential goal of stealing the victim’s contacts or starting conversations with other people as if they were the account owner. In these cases, hackers cannot access previous messages, since the attacks rely on them to re-register the victim’s account on a device they control. Because of how Signal is designed, old messages don’t appear on the new device.
Hackers can take over Signal accounts by hijacking someone’s phone number, for example. But Signal offers optional security features to protect against this, e.g Recording lockedwhich prevents attackers from associating a target’s number with a new device unless they steal the target’s PIN.
In this scenario, one way to see old messages is to access the victim’s online backup, which requires a recovery key.
last year, Signal has launched secure backupsa new subscription feature that allows users to upload the contents of their accounts to Signal’s servers, which are encrypted using a recovery key that the organization says is “never shared with Signal’s servers” and “never leaves” users’ device. signal He says Users should store the recovery key securely on a laptop or within a password manager.
“Without your unique recovery key, no one (including Signal) can read, decrypt, or restore any of the data in your secure backup archive,” Signal said.
This means that a user can only access their archive in a scenario where they register their account on a new phone, download the encrypted backup from Signal’s servers, and then decrypt it using the recovery key.
Signal did not respond to a request for comment.
When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.
