Signal, the encrypted messaging app, has refuted claims of a zero-day vulnerability in its software, stating that it found no evidence to support the alleged flaw. The company conducted a thorough investigation and also consulted with the U.S. government, which could not validate the claim. Signal urged individuals with credible information to report it to security@signal[.]org.
This comes in the midst of reports regarding a zero-day vulnerability in Signal that could potentially provide full access to a targeted mobile device. As a security measure, users have been advised to disable link previews in the app.
Furthermore, the cybersecurity community is on high alert as reports have emerged of zero-day exploits being sold for messaging apps like WhatsApp, with prices ranging from $1.7 to $8 million. Zero-day vulnerabilities in popular apps such as iMessage, Signal, and WhatsApp have become lucrative entry points for nation-state threat actors, enabling them to execute remote code on mobile devices and conduct covert surveillance operations.
Amnesty International recently revealed that spyware attacks have been launched against journalists, politicians, and academics across the European Union, the United States, and Asia, with the aim of deploying Predator, developed by a consortium known as the Intellexa alliance. Social media platforms have been used for publicly targeting individuals and institutions, with a particular focus on espionage and cyberattacks against those associated with Vietnam.
The report also highlights the role of Intellexa’s Predator spyware, which is managed through a web-based system termed the ‘Cyber Operation Platform.’ This platform allows spyware operators to initiate attacks on target phones, potentially accessing sensitive information such as photos, location data, chat messages, and microphone recordings from infected devices.
Additionally, Intellexa offers products like Mars and Jupiter, which are designed to inject spyware into mobile operator ISPs and manipulate encrypted HTTPS traffic for surveillance purposes.
Commercial surveillance vendors are increasingly utilizing the digital advertising ecosystem to target and infect mobile devices globally through ad networks, posing significant cybersecurity challenges.