Nexus -
info_outline
Stay signed in to save your points and redeem your rewards at Nexus

Your Rewards are Waiting!

Stay signed in to save the points you've earned. Click on the points to redeem your rewards at Nexus before they expire.

Login In Now
Cybersecurity

Signal promises new security measures after wave of phishing attacks

Signal said that because it does not store user data as a matter of principle, it was dependent on information from affected users about the attack. — dpa

SAN FRANCISCO: The encrypted messaging app Signal has said it will introduce additional security measures following phishing attacks targeting politicians, military personnel and journalists in several countries in recent months.

Signal wrote in a post on social media on Monday "in the coming weeks, you’ll see us rolling out a number of changes to help hinder these kinds of attacks," without giving further details.

Signal also stressed that the app's encryption and software had not been hacked. Instead, attackers have tricked users by posing as Signal Support to get login details, Signal said. Every major messaging app was vulnerable to such attacks, in which attackers persuade users to let them in through the "front door."

In recent months, phishing attacks on Signal have been detected in the UK, the Netherlands and most recently Germany, with both Dutch and German officials suggesting that Russia is behind the campaign.

Security officials have warned users to be wary of a suspected state-sponsored phishing campaign targeting Signal, an app known for its high levels of user privacy.

Germany is considering a switch from Signal to Wire for its lawmakers. Andrea Lindholz, Vice-President of Germany's Bundestag, told tabloid Bild that phone numbers aren't disclosed on Wire, email addresses aren’t visible, and the level of security is "significantly higher."

Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), and the Federal Office for Information Security (BSI) had first publicly warned of the ongoing cyberattack in February. They later published a further security advisory with specific guidance on what users should do.

Signal said that because it does not store user data as a matter of principle, it was dependent on information from affected users about the attack.

Users reported that attackers had used the fraudulently obtained login credentials to take over accounts – and in many cases also changed the phone number linked to the account. Using the hijacked accounts, they then exploited contact lists and impersonated the account owners.

Signal also stressed that the app's support staff would never ask for verification codes or PINs.

Signal's encryption enjoys such a high reputation that last year senior US government officials, including Vice President JD Vance and Defence Secretary Pete Hegseth, used the app to discuss attacks on the Houthi militia in Yemen.

The contents of those chats became public, however, after the editor-in-chief of The Atlantic, Jeffrey Goldberg, was accidentally added to a group chat. – dpa

Related stories:
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Mag 7? MANGOS? SpaceX forces name rethink on Wall Street's tech-stock moniker
A Chinese robotics start-up beat Nvidia on a global AI ranking. Is a new tech war brewing?
Should I track my sleep? Here are the pros and cons
For this James Bond, the freedom is not enough
The rise of digital love: Does AI make better partners than humans?
OpenAI under investigation by group of state attorneys general, source says
Anthropic disables top-tier AI models after US order limiting foreign access
Zuckerberg says Meta made 'mistakes' in AI workforce shift
Roku exploring strategic options, including sale of company, sources say
Microsoft has considered spinning off Xbox, the Information reports

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.