alt Hacker NewsThe article says they phish people into linking adversarial devices to their Signal:
> [...] threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, [...]
There's a new feature to sync old messages that seems like it could potentially make that attack vector ten times worse:
https://www.bleepingcomputer.com/news/security/signal-will-l...
Would a malicious URL be able to activate this feature as part of the request?