Overview
- The campaign surfaced after a Wednesday screenshot shared by Washington Post analyst Josh Rogin showed texts and Signal chats impersonating “Signal Support” that urged users to paste their 64‑character Secure Backup recovery key.
- Attackers are aiming to obtain encrypted backup archives rather than only hijacking live accounts, because a recovery key plus account control lets them download and decrypt past messages, photos, and documents.
- Signal warns it will never contact users first or ask for registration codes, PINs, or recovery keys. It advises storing keys offline or in a password manager, and enabling registration lock and device‑change alerts.
- Reports name journalists and anti‑CCP activists as early targets, but security responders say some victims are outside that group, which suggests the tactic could spread beyond a narrow set of users.
- Researchers say the true success rate is unclear because stealing the recovery key is only one step: attackers still need to take over the account to retrieve and decrypt the backup. The Secure Backups feature itself was introduced last year and encrypts archives with a key that never leaves the user’s device.