The encrypted messaging app Signal has refuted widespread claims of a zero-day software vulnerability. After an investigation, the company has found no substantiated evidence supporting the existence of this purported flaw.
In a series of social media posts on X (formerly Twitter), Signal stated that they had found no evidence of the claimed vulnerability and urged individuals with credible information to submit reports to security@signal.org.
PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability.
— Signal (@signalapp) October 16, 2023
After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.
The development unfolds amid a broader cybersecurity landscape, with reports emerging over the weekend regarding a zero-day exploit in Signal, which could potentially provide unauthorized access to a targeted mobile device.
“A zero day exploit for signal was discovered that gives access to your full device,” wrote Blackswan CEO Mike Saylor on LinkedIn on Sunday.
Additionally, it’s worth noting that various users on Mastodon, a decentralized social media platform, also seemed to mention the same vulnerability, adding to the complexity of the situation.
In light of these concerns, users were recommended to turn off link previews within the Signal app for added security. This can be achieved by navigating to Signal Settings > Chats > Generate link previews.
Read more on messaging apps' security: Malicious WhatsApp Mod Spotted Infecting Android Devices
However, Signal took to X to clarify its position, indicating that they had consulted with individuals in the United States government, as the original report cited the USG as the source. Signal added, “Those we spoke to have no information suggesting this is a valid claim.”
While Signal maintains its stance that there is no substantiated evidence of the aforementioned zero-day vulnerability, they did encourage those with fresh, credible information to engage with their security team.
Given the evolving nature of this investigation and the recommended precaution to temporarily deactivating the link previews feature, users may consider it prudent to disable this setting until the authenticity of the alleged vulnerability is definitively determined.
Editorial image credit: rafapress / Shutterstock.com