Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump woupd reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That’s incredibly unlikely for a regular citizen, but it’s a lot more likely for an important position like the head of the Department of Defense or something.
NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
Same. I’m just generally pretty cyber-security curious, and have read a bit on this topic.
I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.
BTW, thanks for providing the CVEs, I hope that answers a few peoples’ questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get close quickly (and Signal does a good job keeping up with updates).
Fundamentally the biggest security vulnerability in every peice of software is the end user. It does not matter how intelligently the software is designed, no amount of preparation can handle the users. That is not to say Signal has no security vulnerabilities but almost nothing can stop someone from inviting a random reporter (if they explicitly invited them). Furthermore I have a conspiracy theory of sorts, I dont think it was a mistake. I think Trumps own administration is trying to backstab him. Maybe they had ideas of becoming more powerful, maybe they thought Trump woupd reduce their power, but I feel that the amount of government leaks and just how complicated they are would suggest infighting.
What security vulnerabilities does signal have?
Heres a list of all current CVEs
The main issue I know about is in how messages are stored (the top CVE in that list). If a phone is compromised, all chat history could be exfiltrated. That’s incredibly unlikely for a regular citizen, but it’s a lot more likely for an important position like the head of the Department of Defense or something.
Im not a security researcher tbh and I havent extensively studied the security model of Signal (I use Matrix)
Same. I’m just generally pretty cyber-security curious, and have read a bit on this topic.
I think Signal and Matrix are absolutely fantastic. I use Signal as an SMS replacement and Matrix for group chats, and I whole-heartedly recommend both.
BTW, thanks for providing the CVEs, I hope that answers a few peoples’ questions about it. One thing to note is that a high number of CVEs is indicative of a lot of academic interest, which is a good indicator that a project is interesting to the security community. So seeing a lot of CVEs is a good thing, assuming the more critical ones get close quickly (and Signal does a good job keeping up with updates).
Yeah- that is a bit odd. Who and if not intentional, how?