
CISA Warns Hackers Target Signal & WhatsApp Through Phones
New CISA Alert: Signal and WhatsApp Encryption Isn’t Broken — Your Phone Is
By TechBoltX News | Updated Today
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a major alert revealing that state-backed hackers are not breaking the encryption behind Signal, WhatsApp, or other secure messaging apps.
Instead, they’re hacking the phones themselves — using commercial spyware, zero-click exploits, and malicious QR-based sign-ins to bypass app protections entirely.
Why It Matters
This campaign targets high-value individuals:
• government officials
• ex-military personnel
• political figures
• journalists
• civil society groups
Attackers have already stolen device data, chat histories, voice recordings, and even live messages — all without affecting encryption.
The encryption works.
Your device doesn’t.
What CISA Says Is Happening
CISA confirms a dangerous trend: hackers no longer crack encrypted apps — they crack the mobile OS underneath them.
Their playbook looks like this:
- Zero-click exploits (no tap needed)
- Phishing links and app impersonations
- Malicious QR codes
- Trojanized “Signal” or “WhatsApp” clones
- Fake updates
- Commercial spyware loaders that download more payloads
Once inside, attackers gain:
✔ message access before encryption
✔ message access after decryption
✔ audio recordings
✔ media files
✔ location data
✔ camera + microphone control
All while staying invisible for years.
The QR-Code Attack: The Most Alarming Part
CISA highlights a new technique abusing QR-based device linking.
Here’s how it works:
- You receive a QR code that looks like a legit “Link Device” login.
- You scan it, thinking it’s part of a normal process.
- The attackers silently add their own machine as an authorized device.
- They now receive all new messages — without breaking encryption.
This allows real-time spying with zero suspicion from the user.
How the Fake Apps Work
The hackers distribute counterfeit versions of:
- Signal
- Telegram
- Secure update tools
- OS-level system apps
These apps look 100% real — same icons, same UI — but secretly function as surveillance implants.
They collect:
• stored files
• photos
• chat backups
• contacts
• background audio
• system info
Some of these tools rival Pegasus-level spyware.
Zero-Click Exploits: The Silent Killer
CISA warns about zero-click flaws that allow attackers to run code by:
- sending a crafted image
- sending a malformed audio file
- sending a corrupted message
- abusing a parsing bug in the OS
No user action.
No notification.
Just instant compromise.
These are favored by high-end threat actors for long-term, quiet surveillance.
How to Protect Yourself (CISA’s Recommended Steps)
1. Update your phone immediately
Most zero-click exploits rely on old OS versions.
2. Disable device linking when not needed
And never scan QR codes from unknown sources.
3. Install apps ONLY from:
- Google Play Store
- Apple App Store
Avoid APKs, clone stores, and random download links.
4. Turn off “Install unknown apps”
5. Treat every unexpected message as suspicious
Especially PDFs, images, and login prompts.
6. Use a physical security key for account logins
7. If you’re a high-profile target, get your device checked
Commercial spyware often stays hidden for years.
Bottom Line
Hackers aren’t cracking Signal or WhatsApp encryption.
They’re compromising your phone, your authentication, and your linked devices.
This is part of a growing industry of cyber-mercenary operations backed by state intelligence and sold through commercial spyware vendors.
CISA’s message is clear:
Encryption isn’t failing — mobile security hygiene is.
Anish is the founder of TechBoltX, sharing mobile gaming rewards, guides, and daily updates.