Google Project Zero white-hat hacker Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could be exploited by a malicious caller to force a call to be answered at the receiver’s end without requiring his interaction.
This means that the attacker could spy on the receiver through the microphone of his device.
However, the Signal vulnerability can only be exploited if the receiver fails to answer an audio call over Signal, eventually forcing the incoming call to be automatically answered on the receiver’s device.
The logical vulnerability resides in a method handleCallConnected that could be abused cause the call to be answered, even though the user the interaction.
“In the Android client, there is a method handleCallConnected that causes the call to finish connecting. During normal use, it is called in two situations: when the device accepts the call when the user selects ‘accept,’ and when the device receives an incoming “connect” message indicating that the has accepted the call,” reads the analysis published by Silvanovich. “Using a modified client, it is possible to send the “connect” message to a callee device when an incoming call is in progress but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device.”
Silvanovich explained that the iOS client is affected by a similar logical issue, but the call is not established due to an error in the UI caused by the unexpected sequence of states.
Silvanovich shared her findings with the Signal security team last week that quickly addressed it on the same day with the release of the version v4.47.7.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Signal, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to…
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let…
A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the…
Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection…
A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to…
This website uses cookies.