NSA F9T53 Opsec Special Bulletin: Signal Vulnerability

Summary

100%(6)100% found this document useful (6 votes)11K views3 pagesNSA fullCopyright© © All Rights ReservedAvailable FormatsDownload as PDF or read online on ScribdDownload nowDownloadDownload as pdfSave NSA full For LaterSaveSave NSA full For Later100%100% found this document useful, undefined100%(6)100% found this document useful (6 votes)11K views3 pagesNSA fullCopyright© © All Rights ReservedAvailable FormatsDownload as PDF or read online on ScribdDownload nowDownloadDownload as pdfSave NSA full For LaterCarousel PreviousCarousel NextUNCLASSIFIED//FOR OFFICIAL USE ONLY F9T53 OPSEC SPECIAL BULLETIN Signal Vulnerability (U) A vulnerability has been identified in the Signal Messenger Application. The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information. (U) Russian professional hacking groups are employing the ‘linked devices” feature to spy on enerypted conversations. The feature allows the chat and voice messenger application to be utilized on multiple devices concurrently. The hacking groups embed malicious QR codes in phishing pages or conceal them in group invite links. After gaining access via the malicious code, the groups add their own devices as a linked device. This allows the group to view every message sent by the unwitting user in real time, bypassing the end-to-end encryption. (U//FOUO) Steps to safeguard your Signal application are on the following pages. The pages are unclassified and can be printed for use outside of SCIF spaces. (U//FOUO) Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information (e.g. Protected, FOUO, CUI, etc.). Any use or application must abide by DoD and NSA/CSS policy. Please view NSA/CSS Policy 6-6 for guidance and requirements on this subject matter.UNCLASSIFIED SIGNAL “Do set up privacy a...