Signal patched a bug which could have let the hackers to eavesdrop on victims by making and then immediately auto-answering a call, without the permission of the callee.
The bug is similar to the Apple’s FaceTime bug which was discovered in January that permitted the attackers to eavesdrop on other iPhone users by placing and auto-approving a FaceTime audio or video call.
The bug works only on Signal audio calls, and does not impact the video calls, as the Signal app requires users to manually enable camera access in every calls. Also only the Signal app on Android is affected by the bug.
The bug was discovered by Natalie Silvanovich who is a security researcher with Google’s Project Zero team. Natalie stated that the iOS client has a similar logical problem, but the call was not completed due to an error in the UI caused by the unexpected sequence of states.
But in the case of an Android, the hacker could use a modified version of the Signal app to initiate a call, and then press their own Mute button to approve the current call on the callee’s side.
The bug occurs in the “ringing” stage of a call. Attackers can press the Mute button very quickly and avoid a long ring that may alert the victims.
If the call was answered quickly, even then the users would see a visible indication that a call was in progress. There would also be a record of the completed call at the top of the conversation list.
The Signal which is a favorite app among journalists, political figures, businesspeople, security researchers, and many other high-profile figures supports end-to-end encrypted communications.
According to a Signal spokesperson, the bug was fixed in version 4.47.7 which was released last week, on the same day the researcher reported it.