Signal Android malware

This is how hackers are spying on your Signal messages

Google and Samsung’s failures resulted in hackers intercepting all your Signal messages.

There is a Forbes report of a fake Signal app circulating on Google Play and the Samsung Galaxy Store. This fake Signal app lets you link the real Signal app on your smartphone to it on another device. Once you do that, hackers can intercept all the Signal messages that you send and receive, and even send messages on your behalf. So, how does it work?

How the real Signal app works

The real Signal app on your smartphone has a feature to link it to another real Signal app on your other device (e.g. tablet, desktop PC/Mac). That feature is called “Linked Devices”. According to Signal, when you launch Signal on your other device, it will display a QR code which you then scan with the Signal app on your smartphone. This will establish a secure link between the Signal app on your other device and the Signal app on your smartphone. Once that secure link is established, the Signal app on your other device can send and receive all Signal messages on behalf of the Signal app on your smartphone. This will work even when your smartphone is offline (e.g. turned off).

How the fake Signal app abuses this feature

The fake Signal app mimics the “Linked Devices” feature of the real Signal app, but with a twist. It functions as a conduit between the real Signal app on your smartphone and the hacker’s Signal app on his device. In other words, you are linking the real Signal app on your smartphone with the hacker’s Signal app on his device via the fake Signal app.

So, when this happens, the hacker can send and receive all your Signal messages.

Samsung and Google at fault

This raises a question. Why did Samsung and Google’s vetting processes fail to stop this fake and malicious Signal app from being listed on their app stores? Both of them removed the app only after it was discovered. In theory, the hackers could do the same on Apple’s App Store. But it did not happen. Maybe the hacker did not bother to target Apple’s App Store. Or he tried but failed.

It goes to show one thing. Something is wrong with how Google and Samsung vet apps if malware can slip through and enter their app stores.

What can you do?

While there’s nothing you can do about malicious apps being listed on the app stores, there is something else you can do on your devices to protect yourself today.

So, how do you do that?
