A Snowden Fave Has a Quirk

October 7, 2019

If you use Signal, a fave of Edward Snowden, there’s a possible security flaw. Signal is a messaging app with a charming feature if “Signal: Incoming Call Can Be Connected without User Interaction” is on the money. The write up asserts:

Using a modified client, it is possible to send the “connect” message to a callee device when an incoming call is in progress, but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device. The connected call will only be an audio call, as the user needs to manually enable video in all calls. The iOS client has a similar logical problem, but the call is not completed due to an error in the UI caused by the unexpected sequence of states. I would recommend improving the logic in both clients, as it is possible the UI problem doesn’t occur in all situations.

The article provides technical information about this issue.

DarkCyber Mr. Snowden has adjusted his secure messaging opsec when he is not seeking life in France or preparing for a for-fee lecture.

Stephen E Arnold, October 5, 2019

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta