The encrypted messenger Signal wants to introduce additional protective measures after phishing attacks on politicians, military personnel and journalists in Germany. The first time someone receives a message from an unknown number, additional warnings will be displayed in the future, said Meredith Whittaker, the president of the non-profit foundation that operates Signal, in an interview with the news magazine “Der Spiegel”.
Phishing attacks against members of the federal government
In the most recent phishing campaign against users of the popular messenger service, the focus was primarily on representatives of the federal government and government parties. Those affected included Bundestag President Julia Klöckner (CDU) and cabinet members Verena Hubertz (SPD) and Karin Prien (CDU). Various security experts assume that attackers from Russia are behind the cyber attack.
Whittaker emphasized in the interview that the messenger had not been hacked. “Signal remains secure – our encryption remains robust and no vulnerabilities have been discovered in our open source code. Our success has obviously made us a target, more specifically our many high-ranking users.” These were manipulated through social engineering to make mistakes. “This can happen on any service.”
Additional warning is intended to protect
The Signal boss announced that, in the future, accepting new, unknown contacts will no longer be possible with a single click and will always come with a warning. “We’re still exploring other ideas and will share more soon. And to be clear, Signal will never contact users in a two-way chat to ask for their PIN, key, or other information.”
The fact that the attackers went by names like “Signal Support” also came under criticism. But Signal cannot and does not want to prevent that, said Whittaker. “That would only be possible if the app read and proactively filtered content.” Their services are already under “massive pressure from certain governments” to “scan content before it is encrypted.” Signal does not want to bow to that.
Signal also can’t see profile names
The principle at Signal, Whittaker continued, is “to know as little as possible about our users or even their communication. It is encrypted, including for us.” Therefore, the service cannot even see user names or contacts.
Whittaker criticized the fact that female politicians affected by the phishing attack had been denigrated online as digitally illiterate. “I was disappointed, but not surprised. I definitely notice a certain arrogance in parts of the tech scene, which is not nice.”
