logoalt Hacker News

Austiiiiii02/19/20251 replyview on HN

There's a new feature to sync old messages that seems like it could potentially make that attack vector ten times worse:

https://www.bleepingcomputer.com/news/security/signal-will-l...

Would a malicious URL be able to activate this feature as part of the request?


Replies

inor0gu02/19/2025

Probably not, in any normal case a secondary device shouldn't have that kind of authority to dictate.

It is more concerning if the toggle is on by default and then you carelessly press next (on this or some other kind of phish).