Signal App Biometric Authentication Vulnerability in Android

A vulnerability exists in Signal App version 7.41.4 on Android, specifically within the Biometric Authentication Handler. This issue arises from the application failing to require re-authentication after biometric credentials are modified, such as when a new fingerprint is added. As a result, an individual with temporary physical access to the device and knowledge of the device's PIN or password can enroll their own biometric data. This allows them to unlock the Signal app without needing to enter the user's Signal PIN or password. Once accessed, they could read messages or impersonate the user. This vulnerability has been publicly disclosed and is available as a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows unauthorized access to the Signal app, bypassing biometric authentication. This could lead to unauthorized access to messages and the ability to impersonate the user.

Reproduction

The vulnerability can be reproduced by adding a new fingerprint to a device that has Signal App installed. After enrolling the new biometric credential, the app can be unlocked without re-entering the user's Signal PIN or password, exploiting the lack of authentication validation after biometric modifications.