The gold standard for digital privacy has long been end-to-end encryption, the invisible lock that keeps our most personal conversations away from prying eyes. But as security software becomes harder to crack, bad actors are shifting their focus away from the code and toward the person holding the phone.
Take the latest warning from the Netherlands’ two intelligence agencies, AIVD and MIVD, for example. The agencies report that hackers linked to Russia are trying to gain access to Signal and WhatsApp accounts belonging to government officials, journalists, and military personnel in what the authorities describe as a large-scale global cyber campaign.
It starts with victims receiving messages from accounts pretending to be Signal support, claiming that there’s been suspicious activity on their account. The user is then asked to verify their account by providing their Signal PIN or the SMS verification code sent to their phone.
If the victim shares this information, the attacker can register the account on another device and begin receiving the victim’s subsequent messages.
Another method of gaining access involves the “linked devices” feature offered by both apps. The attacker sends a link or QR code and asks the target to scan it. If the user follows through, the perpetrator’s device is connected to the account in question, and the attacker subsequently gains access to its conversations.
Dutch authorities say these attacks do not involve breaking the encryption used by Signal or WhatsApp. Instead, they rely on tricking users into approving access themselves. Officials have, as a result, advised users not to share verification codes or PINs in chat messages and to check the list of devices linked to their account for anything unfamiliar.
Sources: AIVD official announcement, AIVD Cybersecurity Advisory, Malwarebytes
