It is currently 15-12-2017 15:14

In secure messenger Signal discovered three vulnerabilities

In secure messenger Signal discovered three vulnerabilities

by sigismund » 2016-09-16 15:49:35


Vulnerability is an example of which is absolutely secure applications does not exist.


Security experts Jean-Philippe Masson (Jean-Philippe Aumasson) and Marcus Verviers (Markus Vervier) discovered three vulnerabilities in recommended by Edward Snowden Signal a secure instant messenger for Android devices. The vulnerability has already been fixed, but the updated version of the app is not yet downloaded in the Google Play Store and currently only available on GitHub, which means millions of users at risk.

One of the researchers discovered vulnerability allows an attacker to add arbitrary data (including malware) to the attachments in encrypted messages. An attacker could remember proekspluatirovat it by sending in the attachment file is very large (at least 4GB), thereby causing an integer overflow. An attacker could exploit the vulnerability, only after having broken into the server Signal or in any other way having the opportunity to monitor the transmitted user data.

The second vulnerability allows to remotely execute code on the target device, and the third is to remotely cause a failure in the application. As explained Masson, the researchers discovered security problems are not catastrophic, however, demonstrate that, like other programs, Signal is not perfect.

Signal – free application with open source code from Open Whisper System, designed to exchange text messages and make voice calls. Transmitted data is protected using end-to-end encryption. The app is available for Android and iOS devices.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5