A bug was recently reported in the private messaging platform “Signal”. According to a researcher, Signal had a security vulnerability that could allow eavesdropping by causing calls to be answered.
Signal Eavesdropping Vulnerability
Researcher Natalie Silvanovich reportedly found a serious bug in the private messaging app Signal. The vulnerability could allow eavesdropping on a user. To exploit the bug, an attacker would simply call the target user via Signal.
As described in a bug report, the flaw allowed a potential attacker to have calls answered without user interaction. The callee would therefore not know that someone had called their phone and started listening in. As stated in the report:
There is a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up.
According to Silvanovich, the flaw existed in the Signal client for both iOS and Android. However, the exploit could only work on Android phones, where the logic error affected the handleCallConnected method. Under normal circumstances, this method finishes connecting the call when the user accepts it by selecting ‘accept’, or when the device receives an incoming message saying that a call has been accepted. The flaw, however, made it possible to bypass that check and finish connecting a call that was still in progress.
Using a modified client, it is possible to send the “connect” message to a callee device when an incoming call is in progress, but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device.
The exploit could, however, only work with voice calls, since video calls on Signal require user interaction to enable the camera.
On iOS, the vulnerability behaved differently, and the exploit failed.
The iOS client has a similar logical problem, but the call is not completed due to an error in the UI caused by the unexpected sequence of states.
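The Android logic error described above can be modelled as a call state machine in which one handler completes the call for both the local "accept" action and the peer's "connect" message. The sketch below is an added example, not Signal's code and not taken from the bug report: the class, state and method names are hypothetical, and the hardened branch shows one possible check (honour "connect" only on the calling side), not necessarily the fix Signal shipped.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto()
    LOCAL_RINGING = auto()   # incoming call, callee has not accepted yet
    REMOTE_RINGING = auto()  # outgoing call, waiting for the peer to accept
    CONNECTED = auto()

class CallSession:
    """Toy call state machine (hypothetical names, not Signal's implementation)."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.state = State.IDLE
        self.mic_open = False
        self.rejected = []  # out-of-sequence messages, usable as a detection signal

    def on_incoming_offer(self):
        if self.state is State.IDLE:
            self.state = State.LOCAL_RINGING

    def place_call(self):
        if self.state is State.IDLE:
            self.state = State.REMOTE_RINGING

    def user_accepts(self):
        # Local user interaction: the only legitimate way for a callee to answer.
        if self.state is State.LOCAL_RINGING:
            self._connect()

    def on_remote_connect(self):
        # Peer-controlled "connect" message: only meaningful on the caller side.
        if self.hardened and self.state is not State.REMOTE_RINGING:
            self.rejected.append(("connect", self.state.name))
            return
        # Without the check above, a ringing callee is connected as well.
        if self.state in (State.LOCAL_RINGING, State.REMOTE_RINGING):
            self._connect()

    def _connect(self):
        self.state = State.CONNECTED
        self.mic_open = True

def simulate(hardened, events):
    """Replay a constructed list of event names against a fresh session."""
    session = CallSession(hardened)
    for event in events:
        getattr(session, event)()
    return session
```

Replaying the constructed sequence `["on_incoming_offer", "on_remote_connect"]` leaves the unhardened session connected with the microphone open, while the hardened session keeps ringing and records the rejected message.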
Patch Is Available
Upon discovering the vulnerability, the researcher informed Signal about the problem. Following her report, the firm released patches for the vulnerability with Signal for Android v4.47.7, as confirmed by TheHackerNews.
Users should therefore make sure their devices are updated to the latest version of the Signal app.