Posted on October 8, 2019 at 3:54 PM

Flaw That Allows Remote Access To Microphone Discovered On Signal App

Privacy focused apps are becoming more popular as user concerns over their personal data become a more pressing issue. There are many messaging and social media applications that have been created with a particular focus on providing their users with secure communications.

Telegram and Signal are some of the applications in this category. A Google search for secure messaging apps will likely lead you to one of those applications, and their popularity has grown over the last few years.

However, a recent revelation has shown that Signal may not be as secure as many would like to believe. Many users and companies are concerned about cybersecurity and learning that an application such as Signal has a major flaw such as the one that researchers have discovered will raise the level of concern across the board.

Researchers discover flaws in Signal’s calling feature

Researchers around the world are continually working on discovering possible flaws that lie in systems and applications that are used daily by people. These weaknesses are exposed in a bid to improve the security on these platforms and give users a complete picture of the kind of risk that comes with the use of the applications.

The companies behind the application can also use the information gathered by the researchers to improve their product and provide their users with the best possible service.

Google’s Project Zero is one such group of researchers that have been put together to look at various applications and discover any flaws that may lie in the apps. On the 29th of September, 2019, the team made a startling discovery about Signal messaging app.

According to the discovery made by the team at Project Zero, calls to one’s Signal app can be answered remotely without the owner of the app knowing that they even got a call to begin with. This will allow the person, on the other hand, to listen in on any conversation the other person is having.

Signal: Incoming call can be connected without user interaction https://t.co/0sKc1ITHF8

— Project Zero Bugs (@ProjectZeroBugs) October 4, 2019

This flaw in Signal’s app is made possible by a process called “handleCallConnected” on the application’s Android client. This is the client that is responsible for notifying a user that they have accepted the call by sending a call connected message.

An attacker can use a modified version of the client to make a call to your app and send the connected message to the phone before the target of the attack has been notified of an incoming call. When the call goes through, the caller presses their mute microphone button and it answers the call on the other side without the other person’s knowledge.

The client with the same function iOS had a similar problem, but it was resolved by a UI error before the connection could be established. This discovery is a major concern for the app’s Android users and there will be significant concerns about the privacy risks that come with using the app.

Once the call is connected, the device under attack will display the Signal call screen as normal and if one is looking at their device at the time of the attack, they will be able to notice that there is a call in progress.

This means that this flaw is not a silent trigger of the phone’s microphone and it can be stopped once one notices that there is a connected call on their Signal app. If the device is in a pocket or far from one’s view, they will not be able to tell that there is someone else using their phone to eavesdrop on them.

The remote answering of calls can only be done on audio calls and does not work for video calls. This is a consolation that lets users know that the attacker cannot use the app as a video feed into their life.

Thanks to Natalie for finding this!

Worth noting that it was Android only, your phone would ring, display as a connected call, and log the completed call at the top of your conversation list. It’s not silently “enabling the microphone.” Also fixed.

— Moxie Marlinspike (@moxie) October 4, 2019

Implementing solutions to the problem

Once the flaw was uncovered by the Project Zero team, Signal was quick to respond to concerns that were raised by their customers. The team from the messaging app took responsibility for the fault in their application and reassured clients that they were working on resolving it quickly. The company patched the flaw on its Android application with a version 4.47.7 update that was immediately available to users. This response was commended by many users who cited that most companies would have denied that such a flaw even existed in their applications.