Advisory ID: n0sign4l-002
Risk level: 4 / 5
Title: Signal Desktop - Recover Expired Messages
Credit: Leonardo Porpora - 'n0sign4l'
Product: Signal
CVE: CVE-2018-14023
Version: 1.14.3 and prior
Public Disclosure: 17/08/2018
Vendor: Open Whisper Systems





Introduction:
I am 17 years old and since I started dealing with informatics and cybersecurity I have been inspired by E. Snowden's character, bravery and value, even when he faced hard consequences for his actions. To me he is a really special person and I consider him like a brother.
Defending human rights - and privacy in particular - is a must in a democratic society and for this reason, in my opinion, everybody should use the Signal messaging application for their communications.

Details 

Signal version 1.14.3 was vulnerable to the recovery of expired messages.
When I reported the vulnerability to the Signal Security Team, they fixed it in a very short time, but the fix was partial; in fact version 1.14.4, even though it fixed one vulnerability, was still vulnerable to a different attack. I reported the new issue to the security team and version 1.15.0-beta.10 finally fixed the problem.

Everything started from a message that was not cleared from the preview of Signal-Desktop, so I said this message must be stored somewhere... I tried to dump the memory and BOOM :) the message was still there. Messages were stored in the log [I think to double check that they are actually deleted] but they did not clear them with a garbage collector or whatever, so I was able to recover them.


Version 1.14.4 fixed this issue, but I wanted to see if it was possible to recover messages again from the logs, and they were still there. The issue was related to IndexedDB not deleting messages predictably.
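
An added illustration, not code from this advisory or from Signal: one way a database delete can leave message bytes on disk is a log-structured store that records the delete as a tombstone and drops the old record only at compaction. The store below is a hypothetical toy model (the advisory does not state that this is the exact mechanism), and `find_canary` is a check a tester can run over a profile directory after a known canary message has expired.

```python
import tempfile
from pathlib import Path

TOMBSTONE = b"\x00DEL"  # value meaning "this key was deleted"

class AppendOnlyStore:
    """Toy log-structured store (hypothetical): every write is appended."""
    def __init__(self, path):
        self.path = Path(path)
        self.path.touch()

    def put(self, key, value):
        with self.path.open("ab") as f:
            f.write(key.encode() + b"\t" + value + b"\n")

    def delete(self, key):
        # The old record is left in place; only a tombstone is appended.
        self.put(key, TOMBSTONE)

    def live(self):
        latest = {}
        for line in filter(None, self.path.read_bytes().split(b"\n")):
            key, _, value = line.partition(b"\t")
            latest[key.decode()] = value  # last write wins
        return {k: v for k, v in latest.items() if v != TOMBSTONE}

    def compact(self):
        # Rewrite the file with live records only; stale bytes leave here.
        tmp = self.path.with_suffix(".tmp")
        tmp.write_bytes(b"".join(k.encode() + b"\t" + v + b"\n"
                                 for k, v in self.live().items()))
        tmp.replace(self.path)

def find_canary(root, canary):
    """Return files under root whose raw bytes still contain the canary."""
    needles = (canary.encode("utf-8"), canary.encode("utf-16-le"))
    files = (p for p in Path(root).rglob("*") if p.is_file())
    blobs = ((str(p), p.read_bytes()) for p in files)
    return sorted(p for p, data in blobs if any(n in data for n in needles))

def demo():
    canary = "CANARY-constructed-7f3a"  # constructed sample message
    with tempfile.TemporaryDirectory() as root:
        store = AppendOnlyStore(Path(root) / "messages.log")
        store.put("msg1", canary.encode())
        store.delete("msg1")  # the message "expires"
        visible = "msg1" in store.live()
        before = len(find_canary(root, canary))
        store.compact()
        return visible, before, len(find_canary(root, canary))
```

In the model the message stops being visible through the store's API as soon as it is deleted, yet a raw byte scan still finds it until compaction runs. Compaction removes the bytes from the file, not necessarily from freed disk blocks.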

PoC:

https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop

Solution

Update Signal to version 1.15.0-beta.10


Final thoughts:
I am very happy to have contributed to the security of Signal, an application that I use every day to talk with my friends, professors...
My contribution was also possible because this is an open-source project and other than just reporting the security hole I had the opportunity to analyze the source code and highlight the flaw.
This is a small example of how effective the open-source model is, and I hope everyone can understand the benefits of community contribution in the data protection field so that everybody can provide contributions.
Sorry I can not hear you, there's interference
n0sign4l :)
Contact: +39 3453289898  
