Attackers can take advantage of the user’s confidential information.
A bug was discovered in the computer version of the Signal messenger, with the help of which hackers gain access to the cache of remote attachments.
This is reported John Jackson.
The vulnerability is relevant for Signal version 6.2.0 and earlier builds that were released on Windows, Linux and MacOS. The experts found two bugs at once, which received the identifiers CVE-2023-24068 and CVE-2023-24069. Using them, an attacker can access confidential attachments sent in messages, as well as replace them.
The PC version of Signal has been known to store attachments in the ~attachments.noindex directory unencrypted. If the user removed them from the dialog, then they are automatically removed from this directory.
However, if the interlocutor sent a reply with a quote to a message with an attachment, the local folder continues to keep it open, even if it has disappeared from the interface.
“An attacker who can access these files will not even need to decrypt them, and there is no regular cache clearing process, so files that are not deleted are simply unencrypted in this folder,” said John Jackson.
Moreover, an unscrupulous user can change the file stored in the cache. It will not be replaced automatically by the interlocutors, because each Signal Desktop client has its own local cache.
If the target of a potential hack sends an existing thread to other chats after the spoof, then it will contain the spoofed files, not the original ones. Therefore, Signal Desktop does not check for changes to previously cached files.
However, it should not be assumed that all users are at risk. Many additional steps must be taken to exploit this vulnerability, and several factors must match.
The target of the attacker’s attack must be using Signal Desktop, not just the mobile device app. The hacker will be forced to hack into the victim’s computer in order to be able to view files on the PC.
To do this, you will need to use other methods that may simply be ineffective. However, coincidence should not be ruled out. So far, the Signal authors have not commented on the discovery of this bug.
Cursor talked about how save your smartphone from annoying spam.