Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
For more than a decade now, Russian Cyberwarfare used Ukraine K. Test laboratory For the latest piracy technology, the methods that often target the Ukrainians first before spreading it on a larger scale. Now Google warns of a Russian spy trick that has been used to get Ukrainian messages on the encrypted platform signal– Both Ukrainians and other signal users around the world must protect themselves with a new update of the application.
Google’s threat intelligence team issued on Wednesday a report It reveals how many of the groups of infiltrators that serve the interests of the Russian state target the signal, which is the tool of the encoded from one side The battlefield contacts of the Ukrainian army. These groups associated with Russia, which Google gave to the UNC5792 and UNC4221 work names, benefit from the signal that allows users to join a signal set by wiping the quick response icon from their phones. By sending deceptive hunting messages to the victims, often on themselves, both groups of the infiltrator rid this group in the form of QR codes that instead hide the JavaScript orders that link the victim’s phone to a new device – in this case, one in the hand of the eavesdropping that He can then read every message that the goal sends or receives.
“It looks like a group’s invitation completely, and everything will work completely, except when wiping it, connecting the device,” says Dan Black, a Google Cyblespionage and former NATO analyst. “It immediately lists your device with your devices. And all your messages now, in real time, are delivered to the representative of the threat while receiving it.”
Two months ago, Google started a warning Al -Insaor Foundation, which maintains the private communication platform About Russia’s use of the hunting technology in the fast response code, and the signal last week has finished offering an update for iOS and Android designed to counter the trick. The new protection warns to users when they link a new device and check with them again on a random break a few hours after adding this device to confirm that they still want to share all the messages with it. The signal now also requires a model of approval such as entering the passcode or using Faceid or Touchid to iOS to add a new connected device.
In fact, Signal had already worked to update the forms of hunting protection that aims to exploit the device’s associated feature before Google’s warning, says Josh Lund, chief technician in Signal. But the Google report on spying in Russia in Ukraine provided an “sharp” example of the problem that led them to move quickly to protect users.
“We are really grateful to the Google team to help them make the signal more flexible for this type of social engineering,” Lund says, using the term cybersecurity for tricks that deceive victims to give infiltrators sensitive information or access to their systems.
Both Google and Signal confirmed that the Google’s hunting technology that Google has seen in Ukraine does not indicate that Signal’s encryption has been broken or that the application messages can be installed in crossing. Instead, the trick mainly combines two legitimate features-calls the QR-Code collection and the QR-Code that connects the smartphone with a laptop-one-switch with the other to deceive users. “Hunting is a big problem on the Internet,” Lund says. “But we are trying to do our best to maintain the safety of users, and we believe that these recent improvements will really help.”