Signal faces scrutiny following a series of phishing-based account hijackings. As previously reported, attackers impersonated Signal support staff to trick users into revealing registration codes and PINs, enabling them to re-register accounts on devices under their control. Signal clarified that its infrastructure and encryption were not compromised, attributing the incidents entirely to social engineering.
It was mostly German conservative figures falling for the phishing attack, and it’s mostly German conservatives demanding this right now. So they’re responding in a characteristically conservative fashion: zero self-awareness, zero competence in the matter, but righteousness cranked all the way up to eleven.
Our Signal Support Staffs come in many flavours. Have your taste buds hacked by tasty treats like Scammy Strawberry, Malicious Melon or Phishy Piña Colada!
A lot of journalists got that wrong in initial reporting. But as an IT administrator you can see where they are coming from with their switch to another platform.
Signal is end user software, and a very good one at that. But it is no enterprise grade software. It lacks the management and policies needed for such user groups, which Wire seems to provide. Things like a mobile number as primary account handle spells ease and low entrance hurdle for end users, and a security problem for administrations.
The fractured nature of the IT in German politics is probably still keeping the attack surface alive. As outlined here by heise:
Politicians and beurocrats shouldn’t be using it anyway. They should be using something centrally auditable. I have Signal, but I talk to my colleagues in Teams for a reason. I could actually get in some trouble for using a secure back channel that cannot be FOI’d.
I got scammed therefore Signal insecure. Got it.
It was mostly German conservative figures falling for the phishing attack, and it’s mostly German conservatives demanding this right now. So they’re responding in a characteristically conservative fashion: zero self-awareness, zero competence in the matter, but righteousness cranked all the way up to eleven.
Wtf is a “Signal support staff” is it edible I’m hungry
Our Signal Support Staffs come in many flavours. Have your taste buds hacked by tasty treats like Scammy Strawberry, Malicious Melon or Phishy Piña Colada!
A lot of journalists got that wrong in initial reporting. But as an IT administrator you can see where they are coming from with their switch to another platform.
Signal is end user software, and a very good one at that. But it is no enterprise grade software. It lacks the management and policies needed for such user groups, which Wire seems to provide. Things like a mobile number as primary account handle spells ease and low entrance hurdle for end users, and a security problem for administrations.
The fractured nature of the IT in German politics is probably still keeping the attack surface alive. As outlined here by heise:
https://www.heise.de/en/background/Signal-attacks-Political-reality-bites-the-IT-admin-11279251.html
Politicians and beurocrats shouldn’t be using it anyway. They should be using something centrally auditable. I have Signal, but I talk to my colleagues in Teams for a reason. I could actually get in some trouble for using a secure back channel that cannot be FOI’d.
Some governments use self-managed Rocketchat and similar.