Hello everyone....!!
Welcome back to NewAgeInformers where knowledge sharing is the first priority of this group. First of all I would like to thank our all readers for giving us such a huge support and inspiration to write articles. Now coming back to the point, today's topic of discussion is the vulnerability faced by the world's most popular Encrypted Messaging App 'Signal'.
What is Signal Messaging App?
It is an instant messaging App just like Whatsapp,Telegram,etc. But the best part or feature of Signal among the other messaging Apps is it provides full encryption to it's users. It encrypts voice calls, text messages and media files before sending and then it decrypts on the other end once received. This App will allow you to call and message for free. It is the best App as per the security perspectives.
Yes! You might be thinking that how the most secure and encrypted messaging App gets vulnerable then let me tell you that this is true. Recently, a 17-years old boy, Leonardo Porpora, a student from high school in Arezzo, Tuscany-Italy had detected a serious vulnerability which can actually allow malicious attackers/hackers to bypass the process of authentication and can access to the users' chats. As per his saying that this vulnerability will affect all the versions of the application below 2.23.1.1 version. The wort thing that is caused by this vulnerability is that it will allow the attacker to bypass Touch ID and password protection by just following few steps sequentially.
Leonardo, in his own blog stated that the Signal version 2.23 and below are vulnerable and by doing below mentioned steps an attacker can have access to the main window without any authentication. He also said that for this an attackers needs to access the victims phone physically. Below mention are the steps which can be preformed by the attacker to gain access to the user's chat.
1) Open the App
2) Press the cancel button
3) Click the Home button
4) Open the App again.
A CVE (Common Vulnerabilities and Exposures) has also committed this vulnerability. "The Open Whisper Signal app before 2.32.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button." Leonardo had reported this vulnerability to Signal and luckily the security team of Signal started working on it. However, the patch which was released after improvement was partially fixed only since the version 2.23.1.1 was still vulnerable to bypass screen lock with different increased steps as shown below:
1) Open the App
2) Click cancel button
3) Click home button
4) Double click on the home button
5) Close the App
6) Open the App
7) Click cancel button again
8) Once again click home button
9) Open the App
10) You can see Signal main Screen without having been asked for the Password or TouchID.
Signal has fixed both the vulnerabilities in very short time after getting report form Leonardo. The company thanked Leonardo by writing his name in the description of the app's iOS download page under the section of 'What's New' section. "This release fixes a bug that made it possible to bypass the new Screen Lock feature. Thanks to Leonardo Porpora for reporting this issue."
The NewAgeInformers would like to suggest their readers to update the Signal App to it's latest version in order to maintain the privacy of users'. That's all for today. Thank you and stay connected for more and more amazing articles by following us here:
facebook: CLICK HERE!!!!!!!!!!
Twitter: @NewAgeInformers
Instagram: @new_age_informers_
Welcome back to NewAgeInformers where knowledge sharing is the first priority of this group. First of all I would like to thank our all readers for giving us such a huge support and inspiration to write articles. Now coming back to the point, today's topic of discussion is the vulnerability faced by the world's most popular Encrypted Messaging App 'Signal'.
What is Signal Messaging App?
It is an instant messaging App just like Whatsapp,Telegram,etc. But the best part or feature of Signal among the other messaging Apps is it provides full encryption to it's users. It encrypts voice calls, text messages and media files before sending and then it decrypts on the other end once received. This App will allow you to call and message for free. It is the best App as per the security perspectives.
Yes! You might be thinking that how the most secure and encrypted messaging App gets vulnerable then let me tell you that this is true. Recently, a 17-years old boy, Leonardo Porpora, a student from high school in Arezzo, Tuscany-Italy had detected a serious vulnerability which can actually allow malicious attackers/hackers to bypass the process of authentication and can access to the users' chats. As per his saying that this vulnerability will affect all the versions of the application below 2.23.1.1 version. The wort thing that is caused by this vulnerability is that it will allow the attacker to bypass Touch ID and password protection by just following few steps sequentially.
Leonardo, in his own blog stated that the Signal version 2.23 and below are vulnerable and by doing below mentioned steps an attacker can have access to the main window without any authentication. He also said that for this an attackers needs to access the victims phone physically. Below mention are the steps which can be preformed by the attacker to gain access to the user's chat.
1) Open the App
2) Press the cancel button
3) Click the Home button
4) Open the App again.
A CVE (Common Vulnerabilities and Exposures) has also committed this vulnerability. "The Open Whisper Signal app before 2.32.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button." Leonardo had reported this vulnerability to Signal and luckily the security team of Signal started working on it. However, the patch which was released after improvement was partially fixed only since the version 2.23.1.1 was still vulnerable to bypass screen lock with different increased steps as shown below:
1) Open the App
2) Click cancel button
3) Click home button
4) Double click on the home button
5) Close the App
6) Open the App
7) Click cancel button again
8) Once again click home button
9) Open the App
10) You can see Signal main Screen without having been asked for the Password or TouchID.
Signal has fixed both the vulnerabilities in very short time after getting report form Leonardo. The company thanked Leonardo by writing his name in the description of the app's iOS download page under the section of 'What's New' section. "This release fixes a bug that made it possible to bypass the new Screen Lock feature. Thanks to Leonardo Porpora for reporting this issue."
The NewAgeInformers would like to suggest their readers to update the Signal App to it's latest version in order to maintain the privacy of users'. That's all for today. Thank you and stay connected for more and more amazing articles by following us here:
facebook: CLICK HERE!!!!!!!!!!
Twitter: @NewAgeInformers
Instagram: @new_age_informers_
Recently my cousin suggested me to utilize the SMS marketing for my business as according to her not everyone owns a smart phone so we should target every set of customers. She had a point and I immediately searched for the best business text messaging app. It is now helping me a lot to get more sales.
ReplyDelete