A security flaw was recently discovered in the messaging app – Signal. However, the company has addressed the issue immediately and a new, updated version of the app is available for download now.
Security firm Tenable was the first to come across the bug on Signal. According to their reports, the glitch enabled the hackers to access the Signal user’s location data and identifies the patterns in their movements – such as the time they are likely to be home, go to work, or favorite hangout spot.
To carry on the attack, the ‘bad actors’ were only required to use Signal to call another user and get hold of their location information – even if they don’t answer the call!
The Signal messaging app is famous for offering end-to-end encryption in both – calls and texts and is used by millions of users on a daily basis via Android and iOS. Even the biggest advocate of data privacy Edward Snowden claims to use the Signal app every day.
However, the vulnerability discovered by Tenable indicates that the app is not as secure as anticipated. And could potentially be used by hackers to make precise location assumptions.
Luckily, Signal was quick to respond and issued a patch for the issue via GitHub. It also included a patch to the WebRTC project to protect other potentially affected apps.
An updated version of the app is now available on Apple App Store and Google Play Store. The users of the Signal app are advised to immediately update their messaging apps to eliminate the risk.
Tenable also notes that even though Signal users may now be exempted from the vulnerability – the risk of a similar flaw remains with other services and should be analyzed by the relevant providers