Signal app flaw allowed incoming calls to be connected without user interaction

A quick Google search for the “most secure messaging apps” introduces you to “Signal – a private messenger.” Yet who knew that it would still be vulnerable?


On Saturday, September 29, Google’s Project Zero team, which is responsible for finding previously unknown exploits, discovered that calls on the app could be answered even if the receiver did not authorize any such connection. In simple words, calls could be picked up without your knowledge.

This little eavesdropping process was possible because of a method named “handleCallConnected” in Signal’s Android client. The method is normally used in two situations: when the receiver accepts an incoming call, and when the caller is notified, via a “connect message”, that the call has been accepted.


However, with the help of a modified client, the connect message can be sent when the user has not accepted the incoming call, and the connection is made anyway. The iOS client had the same problem, but luckily a UI error interrupted the process and didn’t let such a connection be made.
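
The missing check described above, sketched as an added example (not Signal's code and not taken from the Project Zero report): a call-state model in which the shared connect handler is told which trigger invoked it and honors a remote connect message only on an outgoing call. The class, enum and value names are hypothetical; only the `handleCallConnected` name comes from the article.

```java
// Added illustration: a hypothetical call-state model, not Signal's implementation.
public class CallConnectGuard {
    enum Direction { OUTGOING, INCOMING }
    enum State { RINGING, CONNECTED, TERMINATED }
    enum Source { LOCAL_USER_ACCEPT, REMOTE_CONNECT_MESSAGE }

    private final Direction direction;
    private State state = State.RINGING;

    CallConnectGuard(Direction direction) { this.direction = direction; }

    State state() { return state; }

    // Single entry point for both triggers. The caller of this method must say
    // where the trigger came from, so the two cases cannot be confused.
    boolean handleCallConnected(Source source) {
        if (state != State.RINGING) {
            return false; // already connected or torn down: nothing to do
        }
        boolean calleeAccepted =
                direction == Direction.INCOMING && source == Source.LOCAL_USER_ACCEPT;
        boolean callerNotified =
                direction == Direction.OUTGOING && source == Source.REMOTE_CONNECT_MESSAGE;
        if (calleeAccepted || callerNotified) {
            state = State.CONNECTED;
            return true;
        }
        if (direction == Direction.INCOMING) {
            // The peer claims a call was answered that the local user never
            // accepted. Fail closed: tear the call down instead of connecting.
            state = State.TERMINATED;
        }
        return false; // any other mismatch is ignored and the call keeps ringing
    }

    public static void main(String[] args) {
        // Constructed scenarios, one fresh call each.
        CallConnectGuard unanswered = new CallConnectGuard(Direction.INCOMING);
        boolean honored = unanswered.handleCallConnected(Source.REMOTE_CONNECT_MESSAGE);
        System.out.println("incoming + remote connect: honored=" + honored
                + " state=" + unanswered.state());

        CallConnectGuard answered = new CallConnectGuard(Direction.INCOMING);
        honored = answered.handleCallConnected(Source.LOCAL_USER_ACCEPT);
        System.out.println("incoming + user accept:    honored=" + honored
                + " state=" + answered.state());

        CallConnectGuard placed = new CallConnectGuard(Direction.OUTGOING);
        honored = placed.handleCallConnected(Source.REMOTE_CONNECT_MESSAGE);
        System.out.println("outgoing + remote connect: honored=" + honored
                + " state=" + placed.state());
    }
}
```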



How attackers could have exploited, or do exploit, this neat technique is no mystery. The Project Zero team has in fact laid out the entire process one needs to follow in order to do so. First, a modified client needs to be created in which the “handleSetMuteAudio” method is replaced with the following method in a file named WebRtcCallService.java:

..
