Signal Desktop Finally Addresses Long-Standing Security Flaw
After years of criticism regarding how it stored plain text encryption keys, secure messaging app Signal has finally addressed a long-standing security flaw in its desktop client. The flaw, which was discovered in 2018, allowed anyone with access to a user’s computer to potentially retrieve the encryption key for the user’s messages, rendering the database’s encryption useless.
The issue resurfaced recently when Elon Musk tweeted about unspecified vulnerabilities in Signal, which some interpreted as an attempt to promote Telegram as a more secure alternative. Signal President Meredith Whittaker responded, asserting that there were no known vulnerabilities that needed addressing and that the company adheres to responsible disclosure practices. However, independent security researchers highlighted that Signal Desktop still stored the encryption key in plain text, making user data vulnerable to exfiltration.
In response to the ongoing criticism, Signal has implemented support for Electron’s SafeStorage API. This new security feature is set to be available in an upcoming Beta version. The implementation includes troubleshooting steps and a temporary fallback option.
This is a welcome change for Signal users who have been concerned about the security of their data. Signal is a popular messaging app, especially among those who value privacy and security. This update will help to ensure that Signal users can continue to communicate securely.