Also saddened that Signal has this large remote attack surface due to limitations in WebRTC. https://bugs.chromium.org/p/project-zero/issues/detail?id=1936 …
-
Wouldn’t with that logic every browser today have to gate all HTTP requests behind user interaction? And what does the user interaction buy you? That the user notices the app crashing and starts to worry if his/her device is getting attacked right now?
-
The thinking is that: 1) a lot of users won’t pick up a call from a stranger, making bugs less likely to be useful to attackers
-
AFAIK this entire attack surface is ungated without user interaction for every Android user by default. Has Google done something to mitigate the risks you’re concerned about which we should also adopt in our app?
-
I'm not criticizing you or representing Android, I'm just stating that reducing attack surface is a good thing. I think being able to disable WebRTC in a security focussed app would be desirable, I don't see how that's an attack against you?
