Infiltrate Security Conference OPEN CFP

TALK PROFILE
This CFP is not yet open - Check back soon!

Hunting For Vulnerabilities in Signal

Vulnerability Development
45

Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you've never heard of any vulnerability in its code base. That's what this talk is about: hunting vulnerabilities in Signal. We will present vulnerabilities found in the Signal Android client, in the underlying Java libsignal library, and in example usage of the C libsignal library. Our demos will show how these can be used to crash Signal remotely, to bypass the MAC authentication for certain attached files, and to trigger memory corruption bugs. Combined with vulnerabilities in the Android system it is even possible to remotely brick certain Android devices. We will demonstrate how to initiate a permanent boot loop via a single Signal message. We will also describe the general architecture of Signal, its attack surface, the tools you can use to analyze it, and the general threat model for secure mobile communication apps. Open Whisper Systems, which maintain Signal, rapidly acknowledged and fixed the vulnerabilities.

Back to Open CFP
Rated 6 - 51 reviewers

Comments

jaisonyi

Hum... sound good and really wish to watch their demonstration how to initiate it. ..

daveaitel

Annoying part here is about how the bugs are fixed. ;)

veorq

Maybe not everything fixed :) (co-author here)

j4ck

Already presented, no?

veorq

No

spongepat

Too bad it's fixed

SonofFlynn

Is this the same talk being presented at Troopers?

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to cfp@immunityinc.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: