A bug discovered in the Signal application on Android enabled hackers to receive voice calls from the communicator – without the consent and awareness of the users. At the end of September, experts from Google’s Project Zero detected the error.
Signal is an encrypted application created for mobile devices by Open Whisper Systems. It supports both Android and iOS for mobile devices, there is also a desktop version of the program for Windows, Linux and macOS. Signal enables to make audio and video calls and to send multimedia messages – to individuals or groups.
Until now, the messenger was quite popular due to the “guaranteed” security of the users. Edward Snowden himself promoted it. However, recent reports may undermine the authority of the application and weaken the trust of application users. As a specialist from Project Zero revealed, a bug in Signal enabled to turn on the microphone remotely without the victim’s knowledge.
As a result, cybercriminals could use the application to eavesdrop on specific people by only making a voice call. Without any user intervention, the audio call turned on the microphone of the callee device – before the conversation began.
Google experts say the vulnerability to hacker attacks involved voice calls in Signal. Video calls are not threatened by cyberattacks and are secured because it requires the callee to manually turn on the camera.
Creators of the messenger ensure that the error has been patched and recommend updating the application to version 4.47.7 as soon as possible.
The Next Web believes that the error in Signal’s software is similar to the vulnerability found in the FaceTime messenger from Apple. The latter also allowed hackers to eavesdrop on users with the use of incoming calls that enabled remote takeover of the mic.
Source: The Next Web