
Poland urges officials to ditch Signal for state-run messaging apps

Privacy Guides Community [Unofficial] May 20, 2026
In a vacuum, it’s not unreasonable to want official communications on an in-house platform with oversight, although offering security on par with Signal is a tall order.

But, if these statements are genuine, this threat model is all out of whack:

> The government stressed that Signal’s encryption itself has not been broken. Instead, attackers are abusing legitimate account-management features through social engineering
>
> …attackers impersonate Signal support personnel or automated security chatbots and send messages warning users about suspicious activity or account compromise. Victims are then tricked into sharing SMS verification codes and Signal PINs, allowing attackers to fully hijack their accounts.
>
> The second technique involves malicious QR codes or links that secretly connect an attacker-controlled device to the victim’s Signal account. Once linked, attackers may gain access to private chats, group conversations, and message histories while remaining largely invisible to the victim

How does an in-house alternative address these attack vectors? I can just as easily pretend to be someone with this new platform. Sounds like a skills/training/opsec awareness issue.
