Why Status is Resilient Against Recent Signal Device Linking Attacks

Recent reports have highlighted that Russian state-aligned threat actors have been targeting Signal users through its linked device functionality. Attackers exploited Signal’s web-based QR code pairing system, using malicious QR codes to hijack accounts remotely.

According to Google’s Threat Intelligence Group (GTIG) report, two major attack vectors were identified:

1. Modified Signal Group Invites (UNC5792) – Used to trick users into revealing authentication tokens.
2. Custom-Developed Signal Phishing Kits (UNC4221) – Designed to steal Signal credentials via fake authentication interfaces.

These attack vectors, however, do not affect Status, thanks to its fundamentally different pairing mechanism. This article explains why Status’ design prevents such attacks and what security measures are in place.

Don’t have Status yet? Get Status now—your private messenger and crypto wallet in one place. Download here: https://status.app/

Why Status is Secure Against These Attacks

No Web-Based Pairing = No Remote Hijacking

Unlike Signal, which allows users to pair new devices remotely over the internet, Status’ QR code pairing is strictly local. This means:

• Both devices must be on the same Wi-Fi network.
• There is no fallback that would allow an attacker to pair a device remotely.
• A malicious QR code cannot work unless the attacker is physically present and able to connect to the same network.

Why This Protects Our Users: By restricting device pairing to local networks, Status eliminates the primary attack surface exploited in Signal's linked device hijacking. An attacker cannot simply send a phishing link or malicious QR code over the internet to take control of a user’s account. Instead, they would need to be in physical proximity to the user’s devices, making such attacks significantly harder to execute. Additionally, since there is no cloud-based infrastructure facilitating pairing, there is no risk of attackers exploiting centralised systems to inject rogue device links.

Explicit User Interaction Required for Pairing

Pairing in Status is not automatic or silent:

• Pairing mode must be explicitly enabled on both devices before scanning the QR code.
• If a third device is already paired, it receives a notification about the pairing attempt.
• This process requires physical user interaction, preventing the type of phishing that targeted Signal users.

Why This Protects Our Users: Unlike phishing attacks that rely on tricking users into scanning a QR code unknowingly, Status requires active user participation on both devices. This prevents attackers from tricking users into unwittingly linking their devices to an unauthorised party. Additionally, the notification system ensures that any unauthorised pairing attempts are immediately visible to the user, allowing them to intervene and prevent malicious linking.

Time-Limited and Tamper-Proof QR Codes

Status' pairing QR codes:

• Expire after 5 minutes, making them useless for replay attacks.
• Cannot be intercepted and reused by an attacker.
• Contain all necessary transport and pairing details, removing reliance on external authentication methods.

Why This Protects Our Users: In many phishing attacks, malicious actors capture QR codes and reuse them later. Since Status QR codes are only valid for a short duration and cannot be reused, an attacker would need to act within the narrow 5-minute window while being on the same local network, making exploitation highly impractical. Furthermore, because Status QR codes are designed to work only in actively enabled pairing sessions, they are not vulnerable to unauthorised scanning by background processes or malware.

Strict Device Limits and User Control

Unlike Signal, which allows multiple linked devices, Status enforces:

• A strict 3-device pairing limit.
• Full visibility into paired devices, allowing users to review and remove them easily.

Why This Protects Our Users: A major issue with Signal’s linked device mechanism is that users might not notice an extra, unauthorised device has been added. Status' strict three-device limit ensures that users can quickly detect any suspicious additions. Since paired devices are always visible in the app settings, users have clear oversight and can promptly remove any unauthorised device. This prevents attackers from silently linking rogue devices over time, a common method used in long-term espionage campaigns.

Signal was compromised while Status stays resilient. Switch to Status now: https://status.app/

Status Goes Further: Protecting You Against Physical Access

While Status’ pairing mechanism is highly secure against remote attacks, maintaining control over one’s own device is a core aspect of personal security. In most messaging apps, if an attacker gains temporary access to an unlocked phone, the attacker could attempt to pair a new device. However, even here Status has key protections in place to keep our users safe:

• Mandatory authentication to open the app ensures that attackers cannot link devices unless they already have full access to the unlocked phone.
• Paired devices are always visible in settings, so users can review and remove any unauthorised connections.
• The strict 3-device limit prevents attackers from adding multiple hidden devices over time.

With many secure messaging apps, including Signal, an attacker with access to an unlocked device could compromise a user's security. Status' security model is different, prioritising local control, visibility, and authentication, making it much harder for an attacker to gain access, let alone maintain persistent access unnoticed. As always, users should still ensure their phones are locked when not in use and be aware of their physical security.

Bug Bounty Programme: Help Us Strengthen Status Security

At Status, we prioritise security and continuously seek to improve our defences. To encourage security researchers and ethical hackers to identify vulnerabilities, we run a bug bounty programme in collaboration with Hackenproof. This programme covers both Status and Waku, offering rewards for valid security findings.

If you are interested in testing the security of Status and contributing to a safer ecosystem, you can learn more and participate here: Hackenproof IFT Bug Bounty Programme.

Final Thoughts

Status' pairing system is fundamentally more secure than Signal’s against the recent attack vectors:

• Local-only pairing prevents remote hijacking.
• Explicit user interaction prevents phishing-style attacks.
• QR codes expire quickly and cannot be intercepted.
• Users have full control over their linked devices.

These architectural choices make it extremely difficult for attackers to execute the type of phishing attack that compromised Signal users. While physical device security remains a factor, Status’ mandatory authentication further reduces risks.

As always, users should remain vigilant, ensure their devices are secured, and regularly review their linked devices list to maintain maximum security.

Trustless security beats centralisation. Try Status today! Secure messaging & crypto in one app:  https://status.app/