A security flaw was recently discovered in the messaging app
– Signal. However, the company has addressed the issue immediately and a new,
updated version of the app is available for download now.
Security firm Tenable was the first to come across the bug
on Signal. According to their reports, the glitch enabled the hackers to access
the Signal user’s location data and identifies the patterns in their movements –
such as the time they are likely to be home, go to work, or favorite hangout
spot.
To carry on the attack, the ‘bad actors’ were only required
to use Signal to call another user and get hold of their location information –
even if they don’t answer the call!
The Signal messaging app is famous for offering end-to-end encryption
in both – calls and texts and is used by millions of users on a daily basis via
Android and iOS. Even the biggest advocate of data privacy Edward Snowden
claims to use the Signal app every day.
However, the vulnerability discovered by Tenable indicates that
the app is not as secure as anticipated. And could potentially be used by hackers
to make precise location assumptions.
Luckily, Signal was quick to respond and issued a patch for
the issue via GitHub. It also included a patch to the WebRTC project to protect
other potentially affected apps.
An updated version of the app is now available on Apple App
Store and Google Play Store. The users of the Signal app are advised to immediately
update their messaging apps to eliminate the risk.
Tenable also notes that even though Signal users may now be exempted from the vulnerability – the risk of a similar flaw remains with other services and should be analyzed by the relevant providers
