Connect with us

Data Breaches Hacker News

Signal Desktop App Vulnerability Allows Encrypted Data to Be Out In the Open

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Data Breaches

77 Million Nitro PDF Records Compromised

Data Breaches

Solarwinds Hackers Achieve End Goal of Acquiring High-Profile Government Targets

Data Breaches

British Airliner EasyJet Victim of Cyber Attack - 9 Million Records Exposed

Data Breaches

Massive Data Breach of Panama Citizens

Data Breaches

Outlook Breach More Expansive than Previously Thought

Data Breaches

Second Toyota Security Breach puts 3.1 Million Consumers at Risk

Data Breaches Hacker News

Korean Crypto Exchange BitHumb Loses $19 Million to Hackers

Data Breaches Hacker News

Major Aluminum Manufacturer Hit With Cyber Attack Stopping Worldwide Production

Data Breaches

Signal Desktop App Vulnerability Allows Encrypted Data to Be Out In the Open

Published

5 years ago

on

Signal Desktop App Vulnerability Allows Encrypted Data to Be Out In the Open

Signal DesktopApp Vulnerability Allows Encrypted Data to Be Out In the Open. It has been recently discovered that an application by the name of “Signal Desktop” has been habitually making procedural errors that have led to the compromise of locally stored data, exposing said data to the dark cyber network.

 

 

Once signal desktop is installed, an encrypted SQLite database that is presented as “db sqlite” is also immediately installed along with it, and with it observes an instant and autonomous generation of an encryption key that works the database.

 

 Said created encryption key is essential for the opening up of the database each time it is required and because of this, it is saved on general devices in the same standard text format in the location of a local file named %AppData%\signal\config.json. This database key is easily obtainable by third party and can be seen and referred to quite effortlessly.

 

https://twitter.com/nathanielrsuchy/status/1054720111330951168/photo/1

This issue concerning data compromise with the Signal Desktop application, was uncovered by a researcher who was convinced that this procedural glitch made to expose a user’s entire confidential database, giving easy access to malware and cyber attackers if they ever gained access to the device, using the opportunity to exploit.

 

Researchers have further stated that all encryptions should be done employing extreme security measures and dexterity.

 

In a situation where the installation of the signal desktop application occurs before the config.json file is opened to retrieve the encryption key, the program spontaneously redirects users to submit their decryption key.

 

 

Immediately the key is submitted to the config.json file, the full database gets compromised, leaving it out in the open for external parties to access. The use of encryption to safeguard a user’s personal information is quite the gain right until the glitch in its procedure causes a downward spiral, and confidential data gets exposed

 

The problem could be easily controlled if users are required to key in a password for the encryption key generation instead of the autonomous method of encryption key generation.

 

This method of a user-generated encryption key, which makes for only the user having access to the generated key is already a widespread practice.  The only hitch that has been observed with this method of encryption key generation is that in the situation in which a user forgets or loses his or her password, the data would be lost to him or her forever.

 

 

The proprietors of Signal Desktop have yet to release any statements regarding the issue.

Related Topics:

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *