Signal patches Android bug that allowed hackers to answer calls on your behalf

Signal patches Android bug that allowed hackers to answer calls on your behalf

Popular encrypted messaging app Signal has fixed a crucial flaw in its Android app that could’ve allowed bad actors to answer calls on your behalf. What’s more, it needed no intervention from your end.

Google’s Project Zero team, which uncovered the bug on September 28, said it only affects audio calls, as the video option needs to be manually enabled for all incoming calls.

Signal has since patched the problem in its latest update of the app (version 4.47.7).

“Using a modified client, it is possible to send the ‘connect’ message to a callee device when an incoming call is in progress, but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device,” Project Zero’s Natalie Silvanovich noted.

The eavesdropping flaw would have been an issue on the iOS version of Signal too, if it wasn’t for an error in the user interface that prevented the call from being completed. As it stands, the flaw can’t be exploited on iOS.

The bug is also a lot similar to a major FaceTime flaw that was uncovered this year, which allowed a remote attacker to hear other person’s voice even before they answered your call.

If you are a Signal user, you should waste no time updating the app.

Read next: Instagram might soon let you post group stories

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.