Using “Signal” For Encrypted Chats, You Shouldn’t Skip Its Next Update

Share It On:

Through signals, many attackers are targeting your devices, and it directly or indirectly affects to your system as well so let’s know how the message would impact to your system.

The whistleblower Edward Snowden had shown several vulnerabilities in Signal. One would allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while on others, but would enable hackers to remotely execute malicious code on the targeted device. Besides, many confidential files of users are kept in Github and Google’s Official Play Store so that people are vulnerable to the attack of hackers.

The flaws in Android version of Signal include:

  1. Message authentication-bypass vulnerability
  2. A remote code execution vulnerability
  3. Crash bug

Similarly, the researcher Jean-Philippe Aumasson and Markus Vervier have discovered the message authentication-bypass vulnerability while reviewing the java code used by the signal for Android. It is sure that no one can do exploitable except the attackers or hackers who can we work on a signal server or a monitor data passing between signal users would be able to append pseudorandom data to the legitimate attachment. However, in the case of attachment, the signal does not verify the authenticity of the entire file; instead, it would allow hackers to attach pseudorandom data to the legitimate attachment.

Talking to Ars Technica, Aumasson said he found the integer overflow bug in the following line of code: int remainingData = (int) file.length () – mac.getMacLength();

  1. The value ‘file.length ()’ is a number encoded on 64 bits (of type ‘long’).
  2. The receiving variable ‘remainingData’ is a number encoded on 32 bits (of type ‘int’).

Even though signal uses end-to-end encryption to encrypt the messages on the sender’s device and decrypt it only on the receiver’s end, the encrypted messages still pass through a server, which would allow the hackers to carry out the message authentication bypass attack by hacking.

It is also known that Aumasson and Vervier are even now testing the same bugs in WhatsApp and Facebook Messanger to rely on signal code.


Share It On:

Recent Posts

Golchha Group and ENSSURE Nepal Launch VET Apprenticeship Program to Boost Skills

Golchha Group and ENSSURE Nepal Launch VET Apprenticeship Program to

Share It On:24th December 2024, kathmandu Golchha Group, a pioneering industrial group in Nepal that carries a legacy of 100

Nepal Telecom BTS Vandalism in Humla: Service Disruption and Repair Efforts

Nepal Telecom BTS Vandalism in Humla: Service Disruption and Repair

Share It On: 24th December 2024, kathmandu Nepal Telecom is facing a major disruption in its services in the Humla

Worldlink Carnival Pokhara 2024: Fun, Music, and Prizes Await

Worldlink Carnival Pokhara 2024: Fun, Music, and Prizes Await

Share It On:24th December 2024, Kathmandu Worldlink, Nepal’s top internet service provider, is organizing a grand event, the “Worldlink Carnival,”

Nepal Power Grid Upgrade: $537M Investment for Enhanced Energy Access and Regional Trade

Nepal Power Grid Upgrade: $537M Investment for Enhanced Energy Access

Share It On:24th December, Kathmandu Nepal has secured an investment of NPR 72.93 billion (USD 537 million) for enhancing its

Ncell Foundation 4 for 4s NPL Campaign Provides 2600+ Kits  for Education and Empowerment

Ncell Foundation 4 for 4s NPL Campaign Provides 2600+ Kits

Share It On:24th December 2024, Kathmandu Linking the excitement of cricket via Nepal Premiere League (NPL) to the classrooms, Ncell

Closeup & Voice of Nepal Partnership: Elevating Nepali Music and Talent

Closeup & Voice of Nepal Partnership: Elevating Nepali Music and

Share It On:24th December 2024, Kathmandu Unilever Nepal’s popular brand, Closeup, has signed an agreement to sponsor the sixth season