Tag Archives: android

Signal Forensic

At Blackhat 2016 Jean-Philippe Aumasson and Markus Vervier were a bit bored and decided to take a peek at the Signal source code. Here’s their pwnaccelerator blog post.

If you – like most people in the real world – cannot make sense of the technical writeup, scroll to the bottom & read this:

Timeline

  • 2016-08-03 Start of review
  • 2016-09-13 Disclosure of initial findings to vendor
  • 2016-09-13 Vendor releases and publishes two fixes
  • 2016-09-15 Writeup release

See that? Fixes published the same day as the findings were disclosed. That’s the power of the Open Source software model. Apparently there’s more from this review to be published yet. I’ll post the findings here when they’re available.

Edit: Part 2 of their Signal bug hunt has been released. Sorry, *yawn*. If you’re interested, click on the iFrame content & navigate to their later posts.

Thanks to Jean-Philippe Aumasson and Markus Vervier for making our favourite privacy-protecting messaging app even better.