Signal says there’s “no evidence” of device-hijacking flaw
Signal has been forced to deny rumours sweeping social media that its messaging software was suffering from a serious zero-day vulnerability.
Reports spread on social media over the weekend that a flaw in the way the app generated link previews would allow attackers to take control of devices. Signal users were advised to switch off the link previews in the app’s settings to mitigate the alleged flaw.
This morning, the company has taken the unusual step of denying that the flaw exists on its own X (formerly Twitter) account.
“We have seen the vague viral reports alleging a Signal 0-day vulnerability,” the company tweeted. “After responsible investigation we have no evidence that suggests this vulnerability is real nor has any additional info been shared via our official reporting channels.”
A follow-up tweet stated: “We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim. We take reports to [email protected] very seriously, and invite those with real info to share it there.”
Signal’s president, Meredith Whittaker, went even further, suggesting the rumours were part of an orchestrated campaign. “WE HAVE NO EVIDENCE THAT THE REPORT IS REAL,” she tweeted. “Pls share with anyone who passed you this info. The vague and viral form of the report has the hallmarks of a disinfo campaign.”
Signal has been one of the biggest critics of the UK Government’s plans to clamp down on end-to-end encryption, as part of the recently passed Online Safety Bill. In addition, Whittaker has posted tweets in the past week that appear to be critical of Israel’s recent actions in Gaza. To be clear, we’ve seen no evidence of any link between the Signal “disinfo” and the company’s/CEO’s public statements.
NEXT UP
Andrew Kay, Director of Systems Engineering APJ at Illumio: “The most worrying development with ransomware is that it has evolved from simply stealing data to impacting IT availability”
Andrew Kay, Director of Systems Engineering APJ at Illumio, has 20 years’ experience helping organisations strengthen their cyber resilience. We interview him as part of our Threats series on cybersecurity.
The imperative of making a career in the data centre industry attractive
Adelle Desouza addresses the problem of an aging workforce in the data centre industry as well as how to make it an attractive career for new generations
I don’t care who hacked the Ministry of Defence, I do care how they did it
We may never know who hacked the Ministry of Defence, says Davey Winder, but who cares? It’s how they did it that has real-life implications