Encrypted messaging platform Signal has responded to widespread claims concerning a potential zero-day vulnerability, asserting that no evidence corroborates the reports. Following a thorough internal investigation, the company stated it has found no indications that such a flaw exists. Signal added that no additional information has been shared through its official reporting channels, as outlined in a series of posts on X (formerly Twitter).

The company further clarified that consultations with U.S. government entities yielded no substantiation of the vulnerability claims. Signal is actively inviting anyone with verifiable information to reach out at security@signal[.]org to share their findings.

This announcement coincides with reports that emerged over the weekend, suggesting a serious zero-day vulnerability in the Signal application. Allegedly, this flaw could enable complete unauthorized access to a targeted mobile device.

For user safety, Signal has recommended disabling the link previews feature within the application. Users can do this by opening Signal Settings, navigating to Chats, and turning off the Generate link previews option.

This information surfaces amid reporting by TechCrunch, which revealed that zero-day exploits targeting popular messaging applications such as WhatsApp are fetching prices between $1.7 million and $8 million. Such vulnerabilities in platforms like Signal, iMessage, and WhatsApp are particularly enticing to state-sponsored threat actors, as they can serve as entry points for executing remote code on mobile devices and conducting surveillance through sophisticated exploit chains.

Additionally, Amnesty International recently reported spyware attempts against journalists, activists, and officials across the U.S., Europe, and Asia. These attempts have been traced back to a spyware tool named Predator, designed by a consortium known as the Intellexa alliance, which aims to compromise mobile devices remotely.

During the first half of 2023, social media platforms such as X and Facebook were used to target a minimum of 50 accounts belonging to 27 individuals and 23 institutions, with connections noted to Vietnam-based clientele. These targeted campaigns are believed to have utilized anonymous accounts to distribute links that deliver the Predator malware. The threat actor responsible, monitored by Citizen Lab under the name REPLYSPY, exemplifies the persistence and sophistication of contemporary cyber threats.

The operational capabilities of Predator spyware are managed via a sophisticated web-based system termed the ‘Cyber Operation Platform.’ This interface allows operators to launch attacks against targeted mobile devices and extract sensitive data, including location information, photographs, chat conversations, and audio recordings from compromised systems.

Intellexa offers various products facilitating these operations, including Mars, which reroutes unencrypted HTTP requests from smartphones to Predator infection servers, and Jupiter, which expands capabilities to inject code into encrypted HTTPS traffic but is limited to domestic websites hosted by local ISPs.

In addition, recent findings reported by Haaretz indicated commercial surveillance companies are exploring ways to exploit the global digital advertising industry to infect mobile devices worldwide, enhancing their malicious operations. This evolving landscape underscores the imperative for business owners to remain vigilant and informed about cybersecurity threats.
