Android Users: Update Signal Now to Prevent Eavesdropping
According to a bug report released in late September by Google’s Project Zero team, an issue with the popular hidden messaging app Signal on Android allowed any attacker to essentially eavesdrop on a person’s device (via audio, not video).
As Project Zero describes :
“The Android client has a handleCallConnected method that causes the call to end the connection. In normal use, it is called in two situations: when the called device receives a call, when the user selects “accept”, and when the calling device receives an incoming “connect” message indicating that the called party has accepted the call.
Using the modified client, it is possible to send a “connect” message to the called device when an incoming call is in progress but has not yet been accepted by the user. This causes the call to be answered even if the user has not interacted with the device.
It is a rather unfortunate experience for all those affected, but we have good news. First, if you are an iOS user, the error will not affect you at all. Second, there is already a solution for this problem for Android users; you just need to update your Signal app if you haven’t already. To do this, open the Play Store app on your device, tap the hamburger icon in the upper left corner, tap “My Apps & Games” and update.
You will need to make sure you are using the 4.47.7 version of the app, at a minimum, which you can check by opening Settings, tapping Apps & Notifications, tapping Alert (or View All). .apps if it’s not at the top of the list) by clicking More and scroll down to the bottom of the screen to check the app’s version number.