When I press on some message to forward it, it shows me Random usernames of contacts I don’t know. And it even shows some Mobile Numbers I don’t know. For example, one number starts with +964 that’s Iraq. I’m from Europe tho. These contacts and numbers are from all over the place.

Edit: This only happens on Signal Desktop. If I try to forward a message on Android it only shows my Contacts. And none of these unkown ones.

  • Elias Griffin
    link
    English
    1
    edit-2
    1 year ago

    This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don’t use Flathub for security reasons so I don’t know if you can even isolate the PID? Anyone know?

    I don’t want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as “wow shouldn’t be there/running” when you run these commands come back to us:

    1. ps the PID of Signal or secondarily, Flathub
    2. lsof -p PID
    3. strace
      • sudo strace -f -t -e trace=file -p PID
    4. sysctl kernel.randomize_va_space
      • pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability