Signal immediately fixed FaceTime-style eavesdropping bug
Reported in January 2019, the FaceTime bug allowed an attacker to call someone in Apple’s FaceTime and then add themselves to the chat session, even if the other party didn’t pick up. A bizarre logic flaw triggered an audio stream from the receiving phone, turning it into a digital eavesdropping device.
Now, Google Project Zero security researcher Natalie Silvanovich has found a similar bug in encrypted messaging service Signal. According to her bug report, a logic error in the app causes the program to answer an incoming call even if the user doesn’t pick it up.
The problem lies with handleCallConnected, an Android message that causes the call to finish connecting. The app normally triggers this on both the callee and caller's systems if the callee accepts an incoming call in the Signal app. However, an attacker could use this message to make the recipient's app answer a call even if the callee doesn't pick up, Silvanovich said.
For this to work, the attacker would have to install an altered version of the software on their own device. On an Android phone, you’d simply sideload such an app, because the operating system enables users to install applications directly to the device without going through Google Play.
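A simplified model of the flaw described above, added here as an illustration and not taken from Signal's code: the callee's handler for a peer-supplied "connected" message has to check that the local user accepted the call, because the peer may be running a modified client. The class, state and method names are hypothetical.

```python
from enum import Enum, auto


class CallState(Enum):
    IDLE = auto()
    RINGING = auto()     # incoming call, waiting for the local user
    ANSWERING = auto()   # local user tapped "accept"
    CONNECTED = auto()   # audio is flowing


class Callee:
    """Callee-side call state machine (hypothetical, simplified)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.state = CallState.IDLE
        self.mic_open = False

    def on_incoming_call(self):
        if self.state is CallState.IDLE:
            self.state = CallState.RINGING

    def on_user_accept(self):
        # Only a local UI action may move RINGING -> ANSWERING.
        if self.state is CallState.RINGING:
            self.state = CallState.ANSWERING

    def on_remote_connected(self):
        """Handle a 'call connected' message that arrives from the peer."""
        if self.state is CallState.IDLE:
            return False  # no call in progress
        if self.hardened and self.state is not CallState.ANSWERING:
            return False  # user has not accepted: drop the message
        # Flawed path: any in-progress call is connected on the peer's say-so.
        self.state = CallState.CONNECTED
        self.mic_open = True
        return True


def run(hardened, user_accepts):
    """Constructed scenario: a call rings, then the peer sends 'connected'."""
    callee = Callee(hardened)
    callee.on_incoming_call()
    if user_accepts:
        callee.on_user_accept()
    callee.on_remote_connected()
    return callee.state, callee.mic_open
```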