Russia Targets Signal Messenger App

AI Spotlight
Microsoft goes quantum

Microsoft launched the world’s first topological quantum computing chip. If you’re like me, your response was, “wtf are you talking about, nerd.” Then I went on an hour-long quantum computing rabbit hole and am marginally more confused than when I started. But, hey, I learned a lot about the underlying components of quantum computing and now have more research to do. So yes, it's not quite AI, but it's super techy and awesome, so no complaining.

The allure of quantum computing is its ability to solve hard math problems. It’s why security nerds are nervous that when quantum computing becomes real, it could invalidate current encryption techniques, which rely on math problems that are difficult for current computers to solve. Thankfully, current computers suck at solving the math problems necessary to break encryption. Quantum computers, on the other hand, would thrive on those math problems…when they eventually get powerful enough.

In the graphic below, you can see that current computers are really good at things like multiplication, but when it comes to factorization (which is what encryption relies on), quantum computers do much better.

Today, encryption is safe because quantum computers aren’t powerful enough yet to solve these difficult math problems. Some scientists question whether we will ever reach that point. Either way, math nerds are also creating post-quantum cryptography designed to withstand the cracking capabilities quantum computing could bring.

So, what’s the big deal about what Microsoft did? A big issue with quantum computing is noise. This isn’t your noise from a kid’s birthday party — it’s noise at an atomic level from rogue forms of energy. That noise can originate from anything…cell signals, random radiation, or even a pesky atom shaking around too much. This causes atoms to bounce into each other, the same atoms quantum computers are trying to measure. And that’s where errors start to pop up. Too many errors and you have a very unreliable calculator.

Microsoft largely solved this by creating a topological quantum chip. Sounds delicious. If you want to learn more about a topological quantum chip, watch this 60-second overview. If you want to go deep, enjoy this video.

What did we learn, and where does this take us? First, we learned that I can’t learn the basics of quantum computing in an hour of research.

Second, Microsoft made some cool new hardware that helps remove the “noise” issue from quantum computers.

Third, nothing else has changed.

Security Deep Dive
Russia is sliding into your DMs…literally

Cyber threat actors can be real third wheels. They follow their victims around, offering no real value to the conversation, but you feel bad for them, so you just let them tag along—what’s the harm?

But as Google just showed, when it comes to Russia, the harm comes with them going super creeper mode and getting access to their victims’ messages on the Signal Messanger app. If you’re not familiar with Signal, it’s an awesome messaging app that can encrypt all of your communications. It’s why so many people flock to it for privacy…especially after the FBI said to stop using SMS for text messages.

While I won’t support a creeper, I’ve got to hand to Russia. They found a super basic technique to access their victim’s Signal messages. They’re using a Signal feature called “Linked Devices.” It lets you link Signal running on your phone with your computer or tablet. This is great, so all your messages are available on multiple devices.

But, as with many features that cater to convenience, it also introduces a security risk. Here are two ways Russia is making this happen.

One methodology is sending a phishing message to its target that mimics a group invitation. Instead, the invitation redirects the user to link a new device.

Another method involves creating a QR code to link a device and sending it to the user under the guise of joining a Signal group.

It’s yet another reminder that many attacks aren’t that sophisticated. Given the number of features that must exist in a multi-device world, I fully expect we will continue to see more of this.

Security & AI News
What Else is Happening?

☠️ Attackers built and promoted a fake pirate game on Steam's popular game marketplace. Users who installed the game got booty of a different kind - an infostealer.

💰️ The Zelle money transfer service recently celebrated 151 million users and $1 trillion in person-to-person payments in 2024. JPMorgan Chase cut their celebration short and announced it would soon restrict users from sending payments to contacts originating from social media.

⏸️ Due to privacy concerns, South Korea suspended new downloads of DeepSeek, the China-based AI phenomenon. In the nicest way possible, they said they would lift the suspension after DeepSeek addressed the privacy concerns regarding who it shares data with. However, I’m not putting my money on DeepSeek caring about this.

🆘 Thailand is taking in 7,000 people rescued from scam call centers in Myanmar. These call centers essentially kidnap people and force them to conduct online scams like romance fraud and investment scams.

😱 A crypto exchange lost $1.4 billion (yes, billion) in an attack Friday. The irony is that I had an unrelated post on Friday about how all these crypto attacks happen, and no one seems to care. Maybe this changes things, but probably not.

🍎 The UK asked Apple to create a backdoor into its encrypted cloud to access people’s accounts when needed for investigations. Apple didn’t like this, so it shut down the entire Advanced Data Protection feature for iCloud in the UK. In a power move, Apple rightly blamed the UK.