Hackers Exploit Signal’s Device Linking Feature Using QR Codes
A new cybersecurity warning has revealed that hackers have found a way to secretly access private messages sent through Signal, one of the most popular encrypted messaging apps. They are abusing a feature called “Linked Devices,” which allows users to access their Signal account on multiple devices. By tricking users into scanning fake QR codes, hackers can add their own devices to a victim’s account without needing a password or breaking encryption.
Once a hacker successfully links their device, every message the victim sends or receives is instantly copied to the attacker’s device in real time. This method completely bypasses Signal’s encryption, which is supposed to keep conversations secure. Because the encryption itself remains intact, users may not realize that their messages are being monitored.
This attack has become a major concern because Signal is widely used by people who handle sensitive information. Military personnel, government officials, journalists, and activists frequently rely on the app for private conversations. Cybercriminals see these users as high-value targets, as accessing their messages can provide valuable intelligence.
Fake Group Invites and Phishing Tricks Using QR Codes
Hackers are using phishing techniques to trick users into linking their accounts to attacker-controlled devices. The most common method involves fake Signal group invitations. Users receive what appears to be a regular Signal invite, but instead of joining a real group, they unknowingly scan a QR code that links the hacker’s device to their account.
Attackers also create phishing pages that look identical to Signal’s official website. These pages include fake device pairing instructions, tricking users into scanning a QR code that secretly grants hackers access to their conversations. Since QR codes are often used for quick and easy access, many users do not think twice before scanning them, making this method highly effective.
In some cases, hackers have gone further by modifying legitimate Signal group invitation pages. When a user clicks the invite link, they are redirected to a fake page controlled by the attacker. The page looks exactly like a real Signal invitation, making it nearly impossible to detect the scam. Instead of joining a group, the user ends up linking their account to the hacker’s device.
One example of this tactic was observed in Ukraine, where a hacking group targeted military personnel by disguising their attack as a legitimate Signal group invite. They used a phishing kit designed to mimic the Kropyva artillery guidance app used by the Ukrainian Armed Forces. Soldiers who scanned the QR code unknowingly gave hackers access to their Signal conversations, exposing potentially critical military information.
Signal Accounts Targeted on the Battlefield
These hacking techniques have even been used in military operations. When military devices are captured on the battlefield, attackers attempt to link the Signal accounts on these devices to their own infrastructure. This allows them to monitor conversations, track troop movements, and gather intelligence on strategic plans.
One of the biggest concerns with this attack method is how difficult it is to detect. Since Signal does not have built-in alerts for newly linked devices, users may never realize their account has been compromised. This means hackers can secretly access their conversations for extended periods without raising suspicion.
Security experts strongly recommend that users regularly check the “Linked Devices” section in their Signal settings. If they see an unfamiliar device listed, it could mean their account has been compromised. Removing any unknown devices can help cut off unauthorized access.
To further protect against these attacks, experts advise users to enable screen locks on all their mobile devices and use strong passwords containing a mix of uppercase and lowercase letters, numbers, and symbols. Installing the latest updates for messaging apps and operating systems can also help prevent security vulnerabilities.
These attacks are not limited to Signal alone. Similar techniques are being used to target other encrypted messaging apps such as WhatsApp and Telegram. Cybersecurity experts warn that hackers will continue using these methods as long as users remain unaware of the risks.
