A bug in the private messaging platform “Signal” lately. According to a researcher, Signal had a security vulnerability that could allow eavesdropping by answering calls.
Reportedly, researcher Natalie Silvanovich found a serious bug in the private messaging app Signal. As discovered, a vulnerability in the Signal app could allow eavesdropping on a user. To exploit the bug, an attacker would simply call the target user via Signal.
As described In a bug report, the flaw allowed a potential attacker to answer calls without user interaction. Therefore the callee wouldn’t know when someone called on their phone and started listening to said conversations. As stated,
According to Silvanovich, the flaw existed in the Signal client for both iOS and Android. However, the exploit could only work on Android phones where the logic error affected the handleCallConnected method. Under normal circumstances, this component finishes the call connecting process when a user accepts the call by selecting ‘accept’, or when the device gets an incoming message about the acceptance of a call. However, the flaw could allow bypassing the check and finish call connecting even when in process.