Harry Hodler on Nostr: 🚨🚨 MAC and LINUX Signal app got major security issue 🚨🚨 "The encryption ...
🚨🚨 MAC and LINUX Signal app got major security issue 🚨🚨
"The encryption key used to encrypt the local DB that contains all the secrets and chat history is stored in plain text in a location accessible by any app, process or script started by the Mac user."
ODELL (npub1qny…95gx) seems Signal got a major flaw. You can copy a session and read/write from the copied session without Signal adding another session. Also proven on Linux.
Published at
2024-07-08 08:08:24Event JSON
{
"id": "d097fa370fedf378b63e7075683fc726dd7fc0f8203f50ac0177dd18ba0a0831",
"pubkey": "380cdf5b61d0d1ebc1630e02e524325919d4f97d14e0ff3068005a3c675e3445",
"created_at": 1720426104,
"kind": 1,
"tags": [
[
"e",
"a3effcc044b35f5ceae8563b57058887ace5370f00477331b9c7ad244c30001d",
"",
"mention"
],
[
"p",
"380cdf5b61d0d1ebc1630e02e524325919d4f97d14e0ff3068005a3c675e3445",
"",
"mention"
],
[
"q",
"a3effcc044b35f5ceae8563b57058887ace5370f00477331b9c7ad244c30001d"
]
],
"content": "🚨🚨 MAC and LINUX Signal app got major security issue 🚨🚨\n\n\"The encryption key used to encrypt the local DB that contains all the secrets and chat history is stored in plain text in a location accessible by any app, process or script started by the Mac user.\"\n\nnostr:nevent1qqs28mlucpztxh6uat59vw6hqkyg0t89xu8sq3mnxxuu0tfyfscqq8gpz3mhxue69uhhyetvv9ujumn0wd68ytnww5pzqwqvmadkr5x3a0qkxrszu5jrykge6nuh698qlucxsqz683n4udz9qvzqqqqqqygs4khm",
"sig": "e2940d771b7a2dce3f5156034db7378d299b12169d8dae840e3e3eb31d9ceede1e3277fd14fe081ad510b230027834b4919489e9f75bbd64ee0f65b99f7374fb"
}