Comment on Russia-aligned hackers are targeting Signal users with device-linking QR codes

<- View Parent
notabot@lemm.ee ⁨1⁩ ⁨month⁩ ago

What I find particularly concerning is that the were able to “hide javascript commands that link the victim’s phone to a new device” in the payload of a qr-code. I can’t see any valid use for javascript in the group joining process, I would expect the code to just be a signal URI with the relevant group ID, so is there sone external javascript interface being exposed?

source
Sort:hotnewtop