Signal App TLS Proxy Vulnerability Gets Exposed by Researchers, Signal Bans Them Instead

Signal, a well-known messaging platform that pioneered end-to-end encryption, was recently blocked by the Iranian government over censorship issues.


As first reported by Slash Gear, the messaging app suggested a TLS proxy for its users in Iran in an attempt to bypass censorship and privacy limitations. However, multiple researchers examined the workaround and found vulnerabilities that can allow government officials to access Signal TLS proxies, removing the protection.

The researchers who discovered the vulnerabilities through Signal's GitHub repository had their reports taken down by Signal. Meanwhile, the messaging app, which was seen as a potential tool for users in repressive regimes, was banned by the Iranian government.

How the Signal TLS Proxy is Supposed to Bypass Government Censorship

Signal published the proxy suggestion in a blog post entitled "Help users in Iran reconnect to Signal" on its official website. The workaround details another way to bypass Iran's censorship.

The proxy, which can be accessed through the GitHub repository, can help users escape the government's radar. Users execute a few commands, administer the proxy, and take part in the #IRanASignalProxy hashtag on Twitter.

Researchers Banned from GitHub Repository

Moxie Marlinspike, Signal's founder, said that reports such as the researchers' concerns were not given attention because of the volume of reports Signal gets every day, and that they have to be dealt with accordingly.

When BleepingComputer asked why the researchers' concerns did not receive a response, Marlinspike told BleepingComputer that Signal gets a large volume of these reports and has to prioritize issues accordingly.

However, shortly after the researchers aired their concerns, they were removed from the repository. The issue page they filed was also removed from GitHub and now returns a 404 error.

According to Signal, they were removed because of rude comments and inappropriate statements that the researchers posted and directed at the volunteers. Signal suggests that this is a violation of the company's code of conduct.

Researchers have responded to the issue by saying "They claimed to help people in censorship, but they in turn censor whistleblowers."

On Twitter, Marlinspike clarified the alleged security issue and the reason behind the removal of said GitHub researcher.

For others, Signal's move in taking down a public post is just a precautionary action while it investigates a better solution. Moreover, Signal does not want to draw the attention of adversaries while trying to fix the problem.


This article is owned by Techtimes

Written by Nikki D
