Signal users can be heard with a simple call. A logical error in the messenger code allows this on the Android client. Affected users should install the provided update as soon as possible.
Google's Project Zero researchers have discovered a security flaw in the messenger signal that allows users to secretly spy. The error is located on the messenger Android client. A caller can force the recipient's device to accept a conversation without the recipient's interaction.
Security experts describe the gap in the Project Zero blog more accurately: according to the leak, it's based on the so-called handleCallConnection signal from the Android client. This method is generally applied in two situations, according to the blog entry. When the called party accepts the call or to inform the caller that their caller has clicked "accept".
However, the bug now allows the receiving device to send a message directly to a call, which signals the receiving device to accept the call. As Project Zero writes, this is a logical flaw in code that has so far been simply ignored.
Unable to spy on video calls
As long as the audio call does not end, the attacker has the opportunity to spy on the recipient. A video stream, however, cannot be initiated by the caller, therefore by Google, as this must always be enabled manually.
The logical error described is the blog entry according to iOS. Here, however, a device user interface error causes the attack to be unsuccessful.
Project Zero also provides code that Android users can use to bridge the gap. The alternative and somewhat simpler method, however, is to obtain the signal provided by Signal aufzuspielen.