Signal, the popular encrypted messaging app, has just rolled out a bug-fix update on Android to prevent hackers from hijacking your incoming calls. It is learnt that the hackers could answer the call on your behalf without your input, using this inherent bug.
Google’s Project Zero team has confirmed that only audio calls are affected by the bug currently as the video option is disabled by default for all incoming calls.
The bug came to light on September 28 and since then Signal has patched up the loophole in its latest update (v4.7.7) of the app.
“Using a modified client, it is possible to send the ‘connect’ message to a callee device when an incoming call is in progress, but has not yet been accepted by the user. This causes the call to be answered, even though the user has not interacted with the device,” Project Zero’s Natalie Silvanovich confirmed.
iOS users are somewhat safe as of now, thanks to its inherent user interface error with the app which prevents the call from being received or completed.
Consequently, the eavesdropping issues is currently limited to Android version of Signal app. iOS currently stays unharmed by this bug.
A similar FaceTime bug (unearthed last year) allowed hackers to remotely hijack the incoming call and hear the caller’s voice before it reached the intended recipient.
All Signal users are advised to install the new update on priority and stay safe from hackers’ devious exploits.