Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction

Almost every application contains security vulnerabilities. Some of them you may find today, but others remain invisible until someone else finds and exploits them, which is the harsh reality of cybersecurity and its current state.
Signal Private Messenger, promoted as one of the most secure messengers in the world, is no exception.
Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow a malicious caller to force a call to be answered at the receiver's end without requiring the receiver's interaction.


In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user's device and listen to all surrounding conversations.
However, the Signal vulnerability can only be exploited if the receiver fails to answer an audio call over Signal, eventually forcing the incoming call to be automatically answered on the receiver's device.
"In the Android client, there is a method handleCallConnected that causes the call to finish connecting. During normal use, it is called in two situations: when the callee device accepts the call when the user selects 'accept,' and when the caller device receives an incoming "connect" message indicating that the callee has accepted the call," Silvanovich explains in the Chromium blog.
"Using a modified client, it is possible to send the "connect" message to a callee device when an incoming call is in progress but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device."
Note that "the connected call will only be an audio call, as the user needs to manually enable video in all calls."
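The state check at issue can be shown with a simplified model, added here as an illustration and not taken from Signal's code. The class, the state names and every method other than `handleCallConnected` (modelled as `_handle_call_connected`) are hypothetical; the unhardened branch assumes the handler accepts "connect" for any call in progress, while the hardened branch accepts it only for a call the device itself placed.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto()
    DIALING = auto()    # this device placed the call, waiting for the peer
    RINGING = auto()    # peer called us, local user has not answered yet
    CONNECTED = auto()  # call established, microphone is live

class CallSession:
    """Simplified model of one client's call state (hypothetical names)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.state = State.IDLE
        self.rejected = []  # dropped signaling messages, useful for alerting

    def place_call(self):
        self.state = State.DIALING

    def on_incoming_offer(self):
        self.state = State.RINGING

    def on_user_accept(self):
        # Legitimate path 1: the callee selects "accept".
        if self.state is State.RINGING:
            self._handle_call_connected()

    def on_remote_connect(self):
        # Legitimate path 2: the caller learns that the callee accepted.
        # Hardened: "connect" is only valid for a call this device placed.
        if self.hardened and self.state is not State.DIALING:
            self.rejected.append(("connect", self.state.name))
            return
        # Unhardened (assumed): any call in progress is finished connecting.
        if self.state in (State.DIALING, State.RINGING):
            self._handle_call_connected()

    def _handle_call_connected(self):
        self.state = State.CONNECTED

    @property
    def mic_live(self):
        return self.state is State.CONNECTED

def callee_receives_connect_while_ringing(hardened):
    """Replay the sequence from the report against one callee session."""
    session = CallSession(hardened)
    session.on_incoming_offer()
    session.on_remote_connect()  # arrives from the peer, not the local user
    return session
```

The `rejected` list gives a client or test harness a place to count out-of-sequence signaling messages, which is the signal a regression test for this class of bug would assert on.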
Silvanovich also mentioned that "Signal has this large remote attack surface due to limitations in WebRTC," and that the design flaw also affects the iOS version of the messaging app, but cannot be exploited there because "the call is not completed due to an error in the UI caused by the unexpected sequence of states."
Silvanovich reported this vulnerability to the Signal security team just last week.
The Signal security team immediately acknowledged the issue and patched it within a few hours on the same day with the release of Signal for Android v4.47.7, the company confirmed to The Hacker News.

What's your take? Let me write it down for you again: go and install the latest available update of the Signal Private Messenger app from the Google Play Store, and make sure you always run up-to-date apps on your Android and iOS devices.
