Do not make this dangerous messaging error
Update: republished on March 30 with a new report on the vulnerability of the device and a new update that simplifies secure communications on iphones.
Secure messaging applications on your phone are dangerous. Not because their own security measures are vulnerable to attacks – although it happens, but because their security is as good as your behavior. And millions of iPhone and Android users do not only make simple errors can open your phone to attack.
It was the node of the NSA warning which was now made public and which was titled as a Signal vulnerability In the wake of Trump officials who inadvertently invite a journalist to a sensitive group cat. But this is not the case. It is user vulnerability. The notification of the NSA is a warning to modify the messaging parameters. Nothing more.
NSA warning last month was invited by Google threat intelligence group Discovering the Gru de Russia prompted Ukrainian officials to open access to their signaling accounts, allowing Russians to listen. It was not a signal defect – the application worked as planned. And it was not limited to the signal. Google has warned “this threat also extends to other popular messaging applications such as WhatsApp and Telegram”.
The two “vulnerabilities” relate to the signal and WhatsApp features which make them easier to use. Linked devices and group links. The first allows you to synchronize and access your secure messaging applications on all your eligible devices. The second provides you with a simple way to invite new members to a group conversation by sending them a link, rather than adding them one by one to the group.
The group’s liaison threat only extends to the group itself and is easily attenuated. In Signal, deactivate the group link from group settings. In WhatsApp, you do not have this option, but do not use links for sensitive groups; You must also define sensitive groups in WhatsApp so that only administrators can add members.
The option of linked devices is much more dangerous because it can establish a fully synchronized replica of your messaging application on someone else’s device. But again, this risk is easily attenuated. In both applications, there is a menu of clear parameters entitled “Linked devices”. Go there now and read any device that you do not recognize 100% as you belong. If in doubt, delete. You can always add it later if you make a mistake. On both applications, your main phone is the basis and all other devices can be linked and unrelated to it.
There is a turn to that. In the Russian attack, The invitation link of the signal group was diverted to link a device insteadVulnerability in the coding and mechanics of the invitation, but not the application itself. But there is no way for someone to connect a device without being manifested in your parameters above. The regular verification of these links is essential. It is also worth periodically unlocking the “web application” links of the browser (as opposed to applications) and releases it. The other advice is not to click on group links unless they are expected and you can guarantee the sender.
The other NSA messaging advice should be common sense. Define and change your application pin regularly and activate the screen locking. Do not share contact or status information, certainly not outside your contacts. The DOD agency also recommends keeping the phone and application contacts with separate contacts, although painful for daily use.
The concept of secure messaging is largely misunderstood. End -to -end encryption is a transmission backup. The content is blurred by your device and not recruited when it reaches a recipient. Each end (telephones in a cat) is vulnerable to a compromise of this device, to user saving content or to the bad guest in a group. None of these applications are the ball test if your other security is defective or if you make a mistake.
The NSA is not the only one to call signal as a title title when it comes to guaranteeing the commercial messaging platforms used by politicians and other officials. The American cyber-defense agency did the same as a result of the Hacks of Typhon Salted in China on American networks. “Use only encrypted communications from start to finish”, ” Cisa said. “Adopt a free messaging application for secure communications which guarantees end -to -end encryption, such as the signal or similar application.”
With an interesting timing, WhatsApp – the most popular secure messenger in the world, which uses the same signal encryption protocol and the signals itself – has just made it easier. IPhone users can now select WhatsApp as a default text and call application. The platform update that offers this new capacity takes place this weekend. In settings – Applications, select “Default applications” and modify the “messaging and” calls “options.
But again, this does not change the user / device vulnerability that will always leave a secure messaging in danger. “The biggest risk of listening to a signal conversation comes from the individual phones on which the application works,” explains Foreign policy. “Although it is not very clear if the American officials involved had downloaded the application on personal phones or issued by the government … Smartphones are consumption devices, not at all suitable for American government conversations.”
This is particularly acute, given that “an entire industry of spy software companies sells capacity to hack smartphones for any country willing to pay”. It was the forensic exploits that tormented iPhones and Androids this year. And so just as it is essential to apply the right messaging parameters, it is also essential to keep your phone up to date, avoid risky applications and stop click on unexpected links or attached pieces.
You can read the full advice of the NSA here. Be careful and make sure to keep your worktops, festive plans and even your secret war plans.