Recently, Signal and Dutch intelligence agencies revealed a campaign targeting government officials and journalists through social engineering techniques. Importantly, Signal’s end-to-end encryption remains intact, but user accounts can still be compromised through clever attacks.
Common Attack Methods:
-
Fake In-App Chatbot:
Hackers send messages posing as the "Signal Security Support ChatBot," requesting SMS verification codes or PINs. If the user complies, the attacker gains full control of the account. -
Exploiting the "Linked Devices" Feature:
By tricking users into scanning a malicious QR code, attackers link their own device to the account, allowing them to read messages in real time without any notification.
Also discover Signal Criticizes Targeted Ads in WhatsApp: Deemed Illegal in Many Countries
Tips to Secure Your Signal Account:
- Enable Registration Lock (Settings > Account > Registration Lock).
- Regularly check Linked Devices (Settings > Linked Devices).
- Never share your PIN or SMS verification codes.
Signal emphasizes that its support team will never ask for codes via the app or social media, so any such request should be considered a scam.
Key Takeaways
These recent attacks show that digital security isn’t just about encryption—user awareness is equally crucial. Strong passwords, monitoring linked devices, and ignoring suspicious requests are essential steps to protect your Signal and WhatsApp accounts.