File and Chat disclosure by calling the device while its in locked state

Vulnerability Research Bug Bounty

File and Chat disclosure by calling the device while its in locked state

Talk app allows access to sensitive chat messages on lockscreen during a call

Summary

An attacker with physical access can gain access to the chat messages and files of the user by calling the victim phone while its in locked state.

This happens because the app did not properly detect the lockscreen state when a call was incoming.

Nextcloud was able to fix this by enabling the Keyguard on the Talk app.

References

https://hackerone.com/reports/1338781

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41181

https://github.com/nextcloud/talk-android/pull/1585

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-497c-c8hx-6qcf