On Saturday, rumours began circulating regarding a potential Signal zero-day vulnerability that could impact the security and privacy of the messaging app’s users.
KEY FINDINGS
- On Saturday, a rumour originated that the Signal messaging app has a zero-day vulnerability.
- After extensive investigation, Signa has confirmed that it didn’t find any evidence that a zero-day exists.
- Rumours originated from an unverified source, shocking everyone and making users feel wary of using the app.
- Signal has reiterated its commitment to ensuring user privacy and data security in its X post.
Zero-day vulnerabilities refer to disclosed but unpatched bugs in a system or device. These bugs are worrisome because malicious actors can exploit them before the software developers release a patch and can cause damages amounting to millions of dollars.
The popular encrypted messaging app, Signal, was recently in the news after an unverified source claimed the app contained a zero-day vulnerability. The company quickly launched an investigation and found no evidence to support this claim.
In a post on X (formerly Twitter), Signal categorically denied that a zero-day bug exists in the system while reiterating its commitment to upholding user privacy and data security. The company stated that it has a robust mechanism to detect and address potential bugs/vulnerabilities.
“PSA (public service announcement): we have seen the vague viral reports alleging a Signal 0-day vulnerability. After a responsible investigation, we have no evidence that suggests this vulnerability is real – nor has any additional info been shared via our official reporting channels,” Signal’s post read.
The company also wrote that it contacted government officials as USG was quoted as a source in the ‘copy-paste report,’ revealing that the officials denied making any such claim.
“We also checked with people across the US government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.”
We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
— Signal (@signalapp) October 16, 2023
We take reports to [email protected] very seriously, and invite those with real info to share it there. 2/
The rumours regarding zero-day in the Signal app originated from a single, unverified source on Saturday afternoon and spread like wildfire.
Reportedly, the bug was associated with the General Links Previews feature, leading to a complete device takeover. Allegedly, the bug could be mitigated by disabling this feature in the app.
Now that Signal has confirmed no zero-day exists in the app, users can breathe a sigh of relief and continue using this app confidently. Signal also aims to upgrade its cryptographic specifications to prevent the threat of cyberattacks facilitated by quantum computers.
Zero-day vulnerabilities still remain a cause of concern within the cybersecurity community, as many bugs are discovered every year. Google’s Project Zero reported 50 zero days in the first nine months of this year, which is much higher than zero days discovered in 2022.
related articles
- Signal CEO hacks Cellebrite cellphone hacking, cracking tool
- How to use Signal Messenger face blur tool on Android & iOS
- Court docs show FBI can unlock iPhones, access Signal messages
- Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
- Facebook blocks Signal from using ads to show Instagram data collection