Signal Desktop application message decryption key stored in clear text

Reverse engineering researcher Nathaniel Suchy discovered that the Signal Desktop application stored the message decryption key in plain text, exposing the key to attackers.

The Signal Desktop application stores the message decryption key in plain text, which may expose it to attackers. The problem was discovered by reverse engineering researcher Nathaniel Suchy.

The vulnerability affects how the Signal Desktop application encrypts locally stored messages.

The Signal Desktop application uses an encrypted SQLite database called "db.sqlite" to store user information. The encryption key of the encrypted database is generated by the application during the installation process.

The key is stored in plain text in the local file "%AppData%\Signal\config.json" on Windows PCs and in the local file "~/Library/Application Support/Signal/config.json" on Mac.

The Signal Desktop application needs to use the encryption key every time it accesses the database.
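A defender can check a workstation for this condition with a short audit script. The following is an added example, not code from the original article or from Signal; it assumes the key sits in config.json under a JSON field named `key` as a 64-character hex string, and the function names are hypothetical.

```python
import json
import os
import re
import stat
import tempfile

HEX_KEY = re.compile(r"^[0-9a-fA-F]{64}$")  # assumed shape: 256-bit key as hex


def audit_config(path):
    """Return a list of findings for one Signal Desktop config.json."""
    findings = []
    try:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)
    except FileNotFoundError:
        return ["config.json not found"]
    except (json.JSONDecodeError, UnicodeDecodeError):
        return ["config.json is not valid JSON"]
    # Assumption: the database key is stored under the field name "key".
    key = config.get("key") if isinstance(config, dict) else None
    if isinstance(key, str) and HEX_KEY.match(key):
        findings.append("database key stored in plain text")
        # POSIX only: any local account that can read the file can read the key.
        if os.name == "posix":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append("config.json readable by other users (mode %o)" % mode)
    return findings


def demo():
    """Audit a constructed config.json; the key is a made-up sample value."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"key": "ab" * 32}, fh)  # constructed, not a real key
        os.chmod(path, 0o644)
        return audit_config(path)


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

To audit a real installation, pass `audit_config` one of the config.json paths given above.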

According to a post on the Bleeping Computer blog: "To illustrate the problem, BleepingComputer installed the Signal Desktop application and sent some test messages. As shown in the figure above, first, we open the 'config.json' file to obtain the encryption key."

"Next, we use the SQLite database browser program to open the database located at '%AppData%\Roaming\Signal\sql\db.sqlite'."

After entering the key from config.json as the database password, the Bleeping Computer experts could read the contents of the database.

It is not difficult to fix this vulnerability: users would only need to set a password that is used to encrypt the database encryption key.

"Users only need to set a password to encrypt the key, and the vulnerability can be easily mitigated," Suchy told Bleeping Computer.

In August 2018, Italian cybersecurity enthusiast Leonardo Porpora discovered that it was possible to recover expired messages in Signal version 1.12.3.
