this post was submitted on 20 Feb 2025
209 points (99.1% liked)

Technology

63082 readers
3607 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
209
Russia-aligned hackers are targeting Signal users with device-linking QR codes (arstechnica.com)
submitted 2 days ago by solo@slrpnk.net to c/technology@lemmy.world
12 comments fedilink hide all child comments
 

Swapping QR codes in group invites and artillery targeting are latest ploys.

you are viewing a single comment's thread
view the rest of the comments
[–] TheHobbyist@lemmy.zip 35 points 2 days ago (2 children)

It seems Signal has already pushed out a fix for this, which was abusing the QR codes to actually link a device when it was presenting itself as a way to join a group.

Paywalled: https://www.wired.com/story/russia-signal-qr-code-phishing-attack/

[–] notabot@lemm.ee 18 points 2 days ago

What I find particularly concerning is that the were able to "hide javascript commands that link the victim's phone to a new device" in the payload of a qr-code. I can't see any valid use for javascript in the group joining process, I would expect the code to just be a signal URI with the relevant group ID, so is there sone external javascript interface being exposed?