this post was submitted on 01 Aug 2023
310 points (97.5% liked)

Technology

59190 readers
2930 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.

The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

all 36 comments
sorted by: hot top controversial new old
[–] pumpsnabben@sopuli.xyz 69 points 1 year ago (4 children)

I have a hard time seeing how this app gets my Signal info, SMS is no longer supported in Signal.

[–] Hyzerflip@lemmy.world 41 points 1 year ago

I suspect fear mongering as it likely DOES take screenshots and since it has the device infected, it grabs the time/position and other intelligence it can grab. I don’t believe for a second they actually hacked the Signal app itself.

[–] poop@lemmy.blahaj.zone 9 points 1 year ago

Yeah that claim seems fairly unsubstantiated by the rest of the article. It’s probably bullshit.

[–] Chadus_Maximus@lemm.ee 8 points 1 year ago* (last edited 1 year ago) (2 children)

Wait it isn't? Are you telling me all the SMS I have received were sent into the pitch black abyss?

[–] ApathyTree@lemmy.dbzer0.com 14 points 1 year ago* (last edited 1 year ago)

https://support.signal.org/hc/en-us/articles/360007321171-Can-I-send-SMS-MMS-with-Signal-#:~:text=SMS%20is%20not%20secure%20or%20private%2C%20and%20that,anyone%20snooping%20on%20your%20traffic%20could%20read%20them.

SMS was supported back when I was on android, roughly a year ago, since it handled all of my texting (signal or standard) but it was already broken up in iOS at that point, and they were dropping support for SMS on android (announced October 2022).

[–] pumpsnabben@sopuli.xyz 3 points 1 year ago

I lost SMS support this spring, Signal posted about this in October 2022. I'm on Android and PC.

[–] Compactor9679@lemm.ee 2 points 1 year ago (1 children)

You install the app, by doing so you give the app permisions.

[–] pumpsnabben@sopuli.xyz -1 points 1 year ago

There is no system permission I'm aware of that will give other applications access to Signal which is an app made to be secure with at least a PIN code for accessing it.

[–] BootlegHermit@kbin.social 23 points 1 year ago
[–] luthis@lemmy.nz 23 points 1 year ago (1 children)

Anything with the word 'safe' in it should be immediately distrusted.

[–] d3Xt3r@lemmy.world 9 points 1 year ago

Probably why Google went from SafetyNet to Play Integrity. Maybe we should also start distrusting "integrity" as well, given how they're trying to push the Web Integrity crap.

[–] PlexSheep@feddit.de 15 points 1 year ago (1 children)

The signal user data is only phone number and the date when the account was created iirc.

[–] bjoern_tantau@swg-empire.de 5 points 1 year ago

The malware is running on the user's phone. There it has access to all of the data, including message contents. Doesn't matter how secure the server and message encryption are.

Signal's servers were not comprimised. And like you said that would only give them a minimal dataset.