Signal, a popular encrypted messaging app, has recently patched a flaw that left Android users’ audio calls vulnerable to bad actors. Basically, the bug would’ve let someone answer calls for you—and it could all happen without you even knowing.
Google’s Project Zero team reported the bug on September 27, and Signal fixed it in version 4.47.7, which was released last week.
According to the bug report, the gist is a logic error in the Android client. There’s a method called “handle CallConnected” which allows a call to finish connecting. In normal usage, it’s employed when you accept an incoming call and when the caller’s device is notified that you’ve accepted the call.
With a modified client, a bad actor could “send the ‘connect’ message to a callee device when an incoming call is in progress, but has not yet been accepted by the user,” Project Zero researcher Natalie Silvanovich wrote in the bug report. “This causes the call the be answered, even though the user has not interacted with the device.”
This particular bug is somewhat similar to that FaceTime flaw that popped up earlier this year, in which users could eavesdrop on others before a call was answered.
Both involve tricking the programs into thinking a call has been accepted when they haven’t. Unlike the FaceTime bug, however, the Signal bug is limited to audio calls — thankfully, Signal requires users to manually enable video.
As the Next Web points out, the iOS version of Signal has a similar problem to the Android app; however, a UI quirk means it can’t be exploited in quite the same way.
Still, Silvanovich recommends “improving the logic in both clients, as it is possible the UI problem doesn’t occur in all situations.” An iOS update is not available as of publication, but Signal users on Android should make sure they’re running the most current version of the app.