Hunting For Vulnerabilities in Signal

Author(s): Jean-Philippe Aumasson
Markus Vervier
Category: Vulnerability Development
Duration: 45
Summary: Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you've never heard of any vulnerability in its code base. That's what this talk is about: hunting vulnerabilities in Signal.

We will present vulnerabilities found in the Signal Android client, in the underlying Java libsignal library, and in example usage of the C libsignal library. Our demos will show how these can be used to crash Signal remotely, to bypass the MAC authentication for certain attached files, and to trigger memory corruption bugs.

Combined with vulnerabilities in the Android system, it is even possible to remotely brick certain Android devices. We will demonstrate how to initiate a permanent boot loop via a single Signal message.

We will also describe the general architecture of Signal, its attack surface, the tools you can use to analyze it, and the general threat model for secure mobile communication apps.

Open Whisper Systems, which maintains Signal, rapidly acknowledged and fixed the vulnerabilities.

Likes: 1

Comments

jaisonyi

Hum... sounds good and really wish to watch their demonstration of how to initiate it...


daveaitel

Annoying part here is about how the bugs are fixed. ;)


veorq

Maybe not everything fixed :) (co-author here)


j4ck

Already presented, no?


veorq

No


spongepat

Too bad it's fixed


SonofFlynn

Is this the same talk being presented at Troopers?