It is not plainly stated in the article, but as far as I understand, the first step of one of the attacks is to take the smartphone off a dead soldier’s body.
The article says they phish people into linking adversarial devices to their Signal:
> [...] threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, [...]
It raises questions about smartphones being standard equipment for soldiers, but they do give every soldier an effective, powerful computing and communication platform (that they know without additional training).
The question is how to secure them, including against the risk described in the parent. That seems like a high risk to me I would expect someone is working on how to secure them enough that even Russian intelligence doesn't have an effective exploit.
The solutions may apply well to civilian privacy too, if they ever become more widespread. It wouldn't be the worst idea to secure Ukrainian civilian phones against Russian attackers.
> Encrypted milspec comms aren’t the standard in a massive war.
It is standard in any modern military that is actually prepared for war. It's not like encrypted digital radio is some kind of fancy tech, either - it's readily available to civilians.
Ukraine in particular started working on a wholesale switch to encrypted Motorola radios shortly after the war began in 2014, and by now it's standard equipment across their forces. Russia, OTOH, started the war without a good solution, with patchwork of ad hoc solutions originating from enthusiasts in the units - e.g. https://en.wikipedia.org/wiki/Andrey_Morozov was a vocal proponent.
But smartphones are more than communications. You can also use them as artillery computers for firing solutions, for example. And while normally there would be a milspec solution for this purpose, those are usually designed with milspec artillery systems and munitions in mind, while both sides in this war are heavily reliant on stocks that are non-standard (to them) - Ukraine, obviously, with all the Western aid, but Russia also had to dig out a lot of old equipment that was not adequately handled. Apps are much easier to update for this purpose, so they're heavily used in practice (and, again, these are often grassroots developments, not something pushed top-down by brass).
Russians aren't allowed to bring phones on the frontlines apparently but Ukranians often do still as they have the combat management app which is critical to operations. I've always wondered if this is why there's far more published footage of Ukranian combat video than Russian. Beyond the donation incentive they attached to videos when publishing them on Youtube/Telegram.
> I've always wondered if this is why there's far more published footage of Ukranian combat video than Russian.
I'm sure Russia's meat wave tactics have more of a role. If you're sending your troops in suicide missions, including guys without weapons and even in crutches, you're not exactly too keen in having them carrying mobile phones to document the experience or even, heavens forbid, survive by surrendering.
Are you sure it's a meme, though? There is plenty of footage out there, documenting meat wave tactics in 4k. Have you been living under a rock?
> Again ,if Ukrainians are being beaten by guy in crutches (...)
What's your definition of "being beaten"? Three years into Russia's 3-day invasion of Ukraine and Ukraine started invading and occupying Russian territory. Is this your definition of being beaten?
I think a large chunk of the footage is taken by gopros or similar, not smartphones.
And I think a pretty much all published Ukrainian and Russian combat footage is vetted by their respective military (who would want to be court martialed for Reddit karma?).
They just take different approaches to what, when and were to release the footage.
A radio on a soldier is already a dangerous communications device - with a radio you can call in artillery strikes, for example.
There's no particular need IMO to secure smartphones on the battlefield in anyway beyond standard counter-measures - i.e. encrypt the storage, use a passcode unlock.
That's referring to people literally posting selfies online (with the result of giving away their location by either metadata or geo-guessing).
Which is a process and procedure issue, more then a security issue on the phones themselves (except in so far as it's really obvious there's a solid need for an OS for a battlefield device which strips all that stuff out by default).
> [...] threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, [...]