Signal

Pierluigi Paganini August 30, 2023
Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

China-linked APT group GREF is behind a malware campaign distributing spyware via trojanized Signal and Telegram apps on Google Play ESET researchers uncovered a cyberespionage campaign carried out by the China-linked APT group known as GREF that is distributing spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores. The malware […]

Pierluigi Paganini August 16, 2022
Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach

For about 1,900 users, Twilio hackers could have attempted to re-register their number to another device or learned that their number was registered to Signal. Communication company Twilio provides Signal with phone number verification services, and recent security breach it has suffered had also impacted some users of the popular instant-messaging app. Twilio hackers could […]

Pierluigi Paganini December 01, 2021
FBI training document shows lawful access to multiple encrypted messaging apps

Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The document analyzes lawful access to multiple encrypted messaging […]

Pierluigi Paganini February 13, 2021
Court documents show FBI could use a tool to access private Signal messages on iPhones

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]

Pierluigi Paganini January 20, 2021
Logic bugs found in popular apps, including Signal and FB Messenger

Flaws in popular messaging apps, such as Signal and FB Messenger allowed to force a target device to transmit audio to an attacker device. Google Project Zero security researcher Natalie Silvanovich found multiple flaws in popular video conferencing apps such as Signal and FB Messenger, that allowed to force a target device to transmit audio […]

Pierluigi Paganini December 23, 2020
Cellebrite claims to be able to access Signal messages

Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal’s messaging app. Israeli security firm Cellebrite has claimed that it can decrypt messages from the Signal highly secure messaging app. The BBC reported the link to a blog on the company website that details the procedure to decrypt the Signal messages. […]

Pierluigi Paganini February 25, 2020
European Commission has chosen the Signal app to secure its communications

The popular cross-platform encrypted messaging service Signal has been chosen by the European Commission for its communications. The European Commission has decided to adopt for its staff the popular cross-platform encrypted messaging service Signal for its communications. The news was first reported earlier this month by the Politico website, a message issued on the commission’s […]

Pierluigi Paganini October 23, 2018
Message Decryption Key for Signal Desktop application stored in plain text

The reverse engineer researcher Nathaniel Suchy discovered that Signal Desktop application leaves message decryption key in plain text exposing them to an attacker. Signal Desktop application leaves message decryption key in plain text potentially exposing them to an attacker. The issue was discovered by the reverse engineer researcher Nathaniel Suchy The flaw affects the process implemented by the Signal Desktop […]

Pierluigi Paganini August 17, 2018
CVE-2018-14023 – Recovering expired messages from Signal

An Italian cybersecurity passionate discovered that it was possible to recover the expired messages from Signal version 1.14.3, Advisory ID: n0sign4l-002 Risk level: 4 / 5 Title: Signal Desktop – Recover Expired Messages Credit: Leonardo Porpora – ‘n0sign4l’ Product: Signal CVE: CVE-2018-14023 Version: 1.14.3 and prior Public Disclosure:  17/08/2018 Vendor: Open Whisper System Details  Signal version […]

Pierluigi Paganini May 15, 2018
Hackers shared technical details of a Code Injection flaw in Signal App

Researchers shared details of a code injection vulnerability they found in the in the Signal app for both Windows and Linux systems. The flaw was promptly fixed by Signal. Signal has fixed a code injection vulnerability in the app for both Windows and Linux systems that was reported by a team of Argentinian experts. A remote attacker could […]