In the case of Signal, this provider is Twilio - and it is this company that the hackers targeted. The sending of such text messages with one-time codes is handled by specialized companies that provide the same authentication method for multiple services. The code must be entered: if it is correct, that means the user does indeed own the number. In Signal, a phone number is needed for authentication: the user enters their phone number, to which a code is sent in a text message. For example, the secure messenger Threema proudly states as one of its selling points that it does not tie accounts to phone numbers. This is common, but not universal practice. Let’s start with the fact that Signal accounts, as in, say, WhatsApp and Telegram, are linked to a phone number. Does that mean that its renowned security and privacy are just a myth? Let’s see exactly what the attack looked like and what role Signal actually played in it. On the pages of Kaspersky Daily, we have often talked about the fact that Signal is a secure messenger, and yet it was successfully attacked.
Among these 1900 numbers, the attackers were interested in three specifically, whereupon Signal was notified by one of these three users that their account had been activated on another device without their knowledge. So even though the attack affected a minuscule fraction of the audience, it still reverberated around the information security world.Īs a result of the attack, hackers were able to log in to the victim’s account from another device, or simply find out that the owner of such and such phone number uses Signal. That said, Signal is used predominantly by those who genuinely care about the privacy of their correspondence. Given that Signal’s audience runs to more than 40 million active users a month, the incident impacted only a tiny share of them. What happened?Īccording to the statement issued by Signal, the attack affected around 1900 users of the app. We explain why this incident demonstrates Signal’s advantages over some other messengers. On August 15, the Signal team reported that unknown hackers attacked users of the messenger.
0 kommentar(er)
