The previously reported flaw in Signal Messenger that allowed anyone, including malicious actors, to initiate a call that connected automatically without the receiver's interaction has now been fixed.
Signal boasts a cross-platform encryption system that is touted as one of the world's most secure, but the recent flaw proved that no application is completely hackproof. According to Google's Project Zero team, the bug affected audio calls only, as the video option requires manual enabling for incoming calls.
The flaw could only be exploited when the receiver failed to answer an audio call over Signal, which would eventually force the incoming call to be answered automatically on the receiver's end.
Google's Project Zero team, which discovered the flaw, added that Signal was exposed to this remote attack surface because of limitations in WebRTC. The design flaw also affected the iOS version of the app, but it was unexploitable there because the call is not completed, owing to an error arising from an unexpected sequence of states in the user interface.
Signal has now fixed the crucial flaw in the Android app; the eavesdropping flaw couldn't be exploited on the iOS version of the messaging app. All users are advised to update to the latest version of the app on the Play Store.