Vulnerabilities

Signal fixes bug that sent random images to wrong contacts

0

Signal has fixed a bug in its Android app which in certain cases, sent random pictures to contacts. The issue was reported in December 2020, but due to the difficulty of reproducing the bug, it was fixed this month.

When a user sends an image using the Signal Android app to one of their contacts, the contact would occasionally receive not just the selected image, but additionally a few random, unintended images, that the sender had never sent out.

The issue was reported by Rob Connolly on the app’s GitHub page which was confirmed by other users later. According to Connolly, since the sender had not sent out the additional images, it might be due to the messages getting “crossed over” from another contact of the recipient or from an unknown party.

However, the exposed images were not of a sensitive nature.

Following the initial December 2020 report, Signal’s team immediately requested logs, in order to debug and remediate the issue. But, it took quite some time and effort to effectively reproduce the issue.

Now a fixed version of the Signal Android app was rolled out. The fix is included in version 5.17 of the Signal Android app, released this month.

Signal’s Android developer Greyson Parrelli stated that Signal takes bugs like these very seriously. This bug was extraordinarily rare, and as they did not have metrics/remote log collection, there was an initial period where they had to spend time adding logging and collecting user-submitted logs to try to track it down.

As of now, this issue has only impacted the Android version of the app. All the Android users of the end-to-end encrypted messaging app are recommended to update to the latest version which is available on Google Play store.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Akamai DNS global outage took down major websites

    Previous article

    Estonia arrests hacker for stealing 286K ID scans

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *