Hunting For Vulnerabilities in Signal

Author(s): Jean-Philippe Aumasson, Markus Vervier
Category: Vulnerability Development
Duration: 45
Summary: Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you've never heard of any vulnerability in its code base. That's what this talk is about: hunting vulnerabilities in Signal.

We will present vulnerabilities found in the Signal Android client, in the underlying Java libsignal library, and in example usage of the C libsignal library. Our demos will show how these can be used to crash Signal remotely, to bypass the MAC authentication for certain attached files, and to trigger memory corruption bugs.

Combined with vulnerabilities in the Android system it is even possible to remotely brick certain Android devices. We will demonstrate how to initiate a permanent boot loop via a single Signal message.

We will also describe the general architecture of Signal, its attack surface, the tools you can use to analyze it, and the general threat model for secure mobile communication apps.

Open Whisper Systems, which maintains Signal, rapidly acknowledged and fixed the vulnerabilities.




Hmm... sounds good, and I really wish to watch their demonstration of how to initiate it...


Annoying part here is about how the bugs are fixed. ;)


Maybe not everything fixed :) (co-author here)


Already presented, no?




Too bad it's fixed


Is this the same talk being presented at Troopers?