![]() As Java is a type-safe language, this doesn't cause a memory corruption condition, but the researchers found that the overflow could be used to subvert the program logic by adding random data equal to 4 GB + 1 byte to an encrypted attachment. However, "file.length()" returns a 64-bit signed integer, and it may be a lot longer than remainingData can handle. The "remainingData" variable is a 32-bit signed integer, calculated from the length of the file minus the length of its message authentication code (MAC). Int remainingData = (int) file.length() - mac.getMacLength() The error occurs in the following line of code: While reviewing the Java code used in the Android version of the Signal app, they found a classic coding error - an overflow bug. The whole project is open source, so anyone can see how the encryption and the other security mechanisms have been implemented, which is exactly what researchers Jean-Philippe Aumasson and Markus Vervier decided to do. The Signal app code is also used by the WhatsApp messaging app. ![]() ![]() All of the messages sent between devices running the app are encrypted end-to-end, and it has been downloaded well over a million times. Signal is a private messaging app made by Open Whisper Systems for iPhone and Android devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |