What is signal messengerSignal messenger is a popular secure messaging platform known for its secure message encryption techniques which is seen vastly in its features. According to BestVPN blog which describes Signal in its perfect light. Also, what makes it the best secure messaging platform. BestVPN says ‘Signal messenger is widely regarded as the most secure and private way to communicate over distance yet devised. Signal is the brainchild of privacy legend Moxie Marlinspike.’ It’s simplicity and secure features makes it easier for people to replace the in built sms platforms or the popular Whatsapp messenger app, for it. The conversations or messages that are done from between two users of signal are sent over the internet, across various tunnels and protected by very strong end-to-end encryption keys.
What makes signal messenger secureIt’s end-to-end encryption: This feature of signal makes it difficult for unautorized recipients of a message to view or modify a message that has been sent via signal. for. How does this happen? Well, signal ensures all messages are encrypted before being delivered to the receiver and only the authorized recipient can decrypt it. Signal also provides a strong encryption process for all messages that are stored making it twice as difficult to decrypt But, just remember that messages sent to non-Signal users are not secure!
Vulnerability found on Signal Messenger DesktopIn explaining how this vulnerability works, Bleeping computers shared this:
“When Signal Desktop is installed, it will create an encrypted SQLite database called db.sqlite. This is used to store the user’s messages. The encryption key for this database is automatically generated by the program when it is installed without any interaction by the user. As the encryption key will be required each time Signal Desktop opens the database. It will store it in plain text to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json”
And that’s what makes the function a vulnerability. Anyone having physical access to the computer can open the plain text file to find the decryption key. The attacker may then use this key to open up the SQLite database. Hence, he can easily access the entire app contents.
Regarding a Patch for Signal Messenger VulnerabilityThey disclosed the findings on Twitter where they also stated that they couldn’t contact Signal privately. We are not sure when this bug would be fixed but we advice all users to be careful when using their signal desktop app.
What to do while signal desktop messenger awaits patching
- Make sure you’re only connected to trusted networks when connecting to signal desktop app
- Never leave your computer unattended, if you must make sure signal messenger is signed out completely.
- Auto lock your system when not in use