Hackers learned to read deleted messages in Signal messenger
Researcher John Jackson has discovered two vulnerabilities in the desktop version of the Signal private messenger that could allow attackers to access deleted user attachments. The bugs affect Signal 6.2.0, which runs on Windows, Linux, and macOS.
Signal Desktop stores all attachments unencrypted in the ~attachments.noindex directory. When a user deletes files from a chat, they are automatically removed from this directory. However, if a message with an attachment was quoted in a reply, the file stays in the local folder in unencrypted form even after it is deleted in the messenger interface.
"A hacker who gains access to confidential attachments won't even need to decrypt them. Signal doesn't have a regular cache clearing process, so undeleted files are simply stored in this folder in an unencrypted form," said John Jackson.
In addition, an attacker can replace a file stored in the messenger's cache. Users will see a "new" attachment after sending a message to another chat.
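Both behaviours described above, files that stay on disk and files swapped in place, can be spotted by hashing the attachment folder before and after a deletion. The script below is an added example, not code from Signal or from the researcher; the function names are hypothetical, the directory is supplied by the caller, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Classify differences between two snapshots of the same directory."""
    common = baseline.keys() & current.keys()
    return {
        # Same name, different bytes: the on-disk file was swapped or edited.
        "replaced": sorted(p for p in common if baseline[p] != current[p]),
        # Unchanged and still on disk: a concern if it was deleted in the UI.
        "retained": sorted(p for p in common if baseline[p] == current[p]),
        "removed": sorted(baseline.keys() - current.keys()),
        "added": sorted(current.keys() - baseline.keys()),
    }


def demo():
    """Constructed sample: three fake attachments in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ab").mkdir()
        (root / "ab" / "photo").write_bytes(b"original image bytes")
        (root / "ab" / "quoted").write_bytes(b"attachment quoted in a reply")
        (root / "ab" / "plain").write_bytes(b"attachment never quoted")
        before = snapshot(root)
        (root / "ab" / "plain").unlink()                     # deletion reached disk
        (root / "ab" / "photo").write_bytes(b"substituted")  # swapped in place
        return compare(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

To audit a real installation, call `snapshot()` on the attachment folder before deleting a message in the interface and again afterwards, then pass both results to `compare()`.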
Earlier today, it was reported that hackers had been exploiting a zero-day vulnerability on iPhone and iPad devices for a long time. According to the company’s security experts, the problem has long been fixed, thanks to the launch of the next update.
Cyberterrorists have also learned how to exploit the Galaxy App Store vulnerability and secretly install malicious applications on Samsung gadgets. The defect in Samsung’s app store became known at the end of December last year, when cybersecurity experts from NCC Group discovered the vulnerabilities and warned the manufacturer. However, the Galaxy App Store has managed to solve all the problems only now, after the update was launched.