Cyber attackers linked to Russia’s military intelligence agency had sought to gain access to Signal accounts
  • skozzii@lemmy.caEnglish
    143·
    8 hours ago

    These boomers think Signal is safe because they use the word encrypted.

    Can we please vote these clowns out and get some adults back in government?

    • runiq@feddit.orgEnglish
      26·
      7 hours ago

      Signal is pretty safe. They exploited a specific phishing vector and forged group chat invite links that also send conversation data to their own linked devices.

      AFAICT this was a phishing attack, not an attack on Signal.

      Disclaimer: I’m not endorsing the use of Signal for government information, which is supposed to be kept for the record.

  • mhague@lemmy.worldEnglish
    25·
    11 hours ago

    As of March 2023, Pegasus operators were able to remotely install the spyware on iOS versions through 16.0.3 using a zero-click exploit. While the capabilities of Pegasus may vary over time due to software updates, Pegasus is generally capable of reading text messages, call snooping, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps.

    This is consumer grade spyware built by Israeli intelligence and loaned out to just about everyone. It’s been around for a decade. Governments use this to hunt down activists and opposition party members.

    This Signal leak is one hole in the colander. Sure, water will leak through that hole. But water will also leak through all the other holes. And the countries collecting that water have more than what NSO Group contracts out.

  • sylver_dragon@lemmy.worldEnglish
    825·
    16 hours ago

    Uh, no shit. State backed espionage groups are targeting the communications channels used by their primary targets. What are you going to tell me next? That water is wet and fire is hot? If the US government started using IP over Avian Carrier (RFC1149) you can bet that the GRU would start up a program to intercept the carriers.

    • Darkassassin07@lemmy.caEnglish
      421·
      16 hours ago

      It’s not a surprise Russia and friends are attacking the platform; it’s surprising the Whitehouse is using it for official communications. (or at least it would be, if the WH wasn’t occupied by nazi tech bros…)

      • Darkassassin07@lemmy.caEnglish
        51·
        16 hours ago

        🤔 I wonder how much data a single bird could feasibly carry. Quite a bit more than when this standard was first thought up I’m sure. You can get some incredibly high capacity sd cards now.

        • phar@lemmy.mlEnglish
          1·
          3 hours ago

          Its not a question of where it could grasp the data, it’s a question of weight ratios

        • lka1988@sh.itjust.worksEnglish
          3·
          9 hours ago

          I wonder how much data a single bird could feasibly carry

          I imagine it’s quite a lot. You already brought up high-capacity SD cards, so at that point it’s figuring out how much weight the bird can carry in terms of 1TB SD cards or similar.

  • arankays@lemmy.caEnglish
    82·
    17 hours ago

    Even if they do get access to the chat logs, good luck brute forcing those encryption keys Putin!

    • ramjambamalam@lemmy.caEnglish
      19·
      14 hours ago

      I can think of easier ways of compromising the data besides brute forcing the keys, off the top of my head, and I’m just some schmuck. Relevant XKCD: https://xkcd.com/538/

      1. Compromise their endpoint with a malicious app on the app store.

      2. Gain physical access to the device and compromise it. Use your imagination – pickpocket, traffic stop or customs inspection by a compromised agent, seduce them with a honeypot, etc.

      3. Socially engineer them to mistakingly add you to their group chats.

      4. SIM swap

      Signal might be fine for journalists, criminals, cheating spouses, and general privacy when used properly with good OpSec but nation state adversaries have significantly greater resources than your average attacker, and thus require more significant security.

    • alphadont@lemmy.caEnglish
      6·
      15 hours ago

      Well, he just needs to get them to accidentally add his spy to their group chat. How hard can it be?

    • jaybone@lemmy.worldEnglish
      1·
      15 hours ago

      Wasn’t there a hacker group some years ago that released Signal binaries with backdoors that allowed attackers to read decrypted messages?

    • sensiblepuffin@lemmy.funami.techEnglish
      1·
      5 hours ago

      Many comments, one post mad about jordanlund. What do you think happened today that’s more important? Clearly you must not think it’s important if you didn’t post anything about it.