Messenger problems: vanishing messages in Signal for Mac are not permanently deleted

Information security researcher Alec Muffett discovered the possibility of recovering disappearing messages in the Mac version of the secure messenger Signal. As a result, sensitive user information may be at risk.

What is the problem

Another researcher Patrick Wardle (Patrick Wardle) was able to understand the reasons for the incorrect work of the messenger. According to him, macOS creates copies of the disappearing messages in a special, readable database in the Notification Center operating system - for long messages, only a part of them is copied. From this source, they can be restored at any time after the message is deleted from the Signal database itself.

')

In addition, the researcher found that when you enable notifications for the Signal application in the macOS service, it will display notifications for the disappearing messages, including in the form of abbreviated messages (usually they include the first lines of the message).







As a result, the disappearing messages can be saved in the user interface of the notification center and displayed on the notification panel even after they are deleted. A copy of the abbreviated message is also stored in the SQLite database of the notification center, which can be accessed by a user with normal privileges — or a malicious application.



To protect the content of messages, experts recommend turning off the notification function until Signal developers fix the problem.

Not only Signal

Not only Signal users have recently been faced with security problems, but also WhatsApp - iOS and Android versions of the application become victims of text bombs that disable them.



Users receive two kinds of messages. The first contains the text “This is very interesting”, a smiley and the “Read more” link. When you click on it, the application freezes. The second text message contains the text “If you touch the black point then your WhatsApp will hang” (“If you touch the black point, your WhatsApp will hang”). Indeed, when you click on a point, the application freezes.



In order to return the smartphone to a working state in both cases, you need to restart it, in order to avoid problems in the future, you should delete the chat containing the “bomb”.