1 week Ago
NSA warning—check your settings SOPA Images/LightRocket via Getty Images In the wake of the ongoing controversy around U.S. officials using messaging apps and Gmail to share secure comms, the NSA’s warning that such platforms are vulnerable to attack suddenly carries much more significance and a heavy dose of irony.
The NSA’s full warning was issued in response to Google’s Threat Intelligence Group reporting that Russia’s GRU had fiddled with Signal’s group invite function, tricking Ukrainians into inviting Russians into secure chats. “This threat also extends to other popular messaging applications such as WhatsApp and Telegram," Google warned. One point in the NSA’s warning now stands out.
“Understand,” it said, “people are not always who they say they are online.” It turns out that whilst that may be on purpose, it could also be an accident. It also turns out that AI isn’t as smart as it should be.
It now seems that while questions remain around the appropriateness of a Signal chat to discuss ongoing nation state attacks, the fault in adding a journalist to the group is with Apple’s use of on-device AI to suggest adding or updating contacts based on messages received. Yes, it seems ludicrous, but a copy and paste from a journalist’s email into a text message added the journalists details to the text sender’s on the recipient’s phone. The rest, as they say, is history.
There are two iPhone settings working in tandem which let this happen. The first can be found within Settings—Apps—[Signal/WhatsApp] Settings to check Apple iOS 18 / Signal The second setting, which is more central to what went wrong, is the use of AI to infer that contact details have changed. Go to Settings—Apple Intelligence & Siri—Apps—Contacts.
There you can disable “Show Contact Suggestions.” In that same menu, disable “Learn from this App,” which makes contact suggestions in third-party apps. Similarly, per NSA’s warning, you can disable “Share Contacts with iOS” within Signal’s own settings, which sends those suggestions the other way.
Check all these settings now. Understand how your phone is set up and then decide what you want to change. Making these changes will stop you adding work colleagues to friend or school parent groups, it will also stop you adding journalists to secret military attack planning groups.
But it means that if a contact changes their number, Siri won’t suggest you change their details on your iphone. Whether you keep things as is will depend on your appetite for risk and the nature of the activities on your phone. Whilst not specifically called out by NSA, you also need to be very wary of attachments sent in messages.
While secure platforms offer some sandboxing for malicious content, once you offload a file to your phone those protections fall away. WhatsApp has just issued an emergency fix for one such vulnerability, which “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension.” This targeted Windows desktop not phone users, and essentially meant an image could actually be an executable that would run on your device.
Even so, phone users should not click on attachments or download anything to their phones unless they can vouch for the source and they’re expecting the content. If unsure leave it in your messaging app. This is also why I recommend disabling any autosaving of images and video.
.
