Google project zero Team researcher discovered a vulnerability in Signal Messanger App lets a malicious attacker force an incoming call to be answered at the receiver end without any user interaction.
The bug explained by the researcher as a logic error in the Signal app that allows answering the call even if the receiver didn’t pick up the call.
Popular Encrypted Signal app provides an encrypted messaging service for cross-platform with various options including share files, voice notes, images, and videos.
A vulnerability resides the handleCallConnected cause the call to be answered without even user interaction and the vulnerability affects the only audio call.
According to Natalie Silvanovich from Google project zero, “During normal use, it is called in two situations: when callee device accepts the call when the user selects ‘accept’, and when the caller device receives an incoming “connect” message indicating that the callee has accepted the call.”
In this case, with the help of the modified client, the attacker will send a “connect” message to the callee device during the incoming call is in the process without accepting the call.
It causes the call to be answered without any sort of user interaction and is only applicable during the voice call and won’t work in video call since the user needs to manually enable it.
The vulnerability comes under 90 days disclosure deadline and the Signal team now patched the vulnerability and release the new version update as Signal 4.47.7.