Although patched now, if exploited, these vulnerabilities posed a major threat to user’s privacy and security.
Google Project Zero researcher Natalie Silvanovich disclosed vulnerabilities in several video conferencing and messaging applications that could allow malicious users and threat actors to eavesdrop without getting detected.
The vulnerabilities allowed attackers to listen to the surroundings of the person they called even before the call is picked up. It is worth noting that the details of this particular bug were also reported back on November 20th, 2020 in Facebook Messenger.
According to Silvanovich, these were logic bugs found in Google Duo, Signal, JioChat, Facebook Messenger, and Mocha messaging apps.
“I investigated the signaling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data,” Silvanovich wrote in a blog post.
Bugs Identified Back in 2019
As reported by Hackread.com, the vulnerabilities were discovered in January 2019 in Apple’s FaceTime group chat feature and allowed users to initiate a FaceTime video call and spy on targets by merely adding their number as a third person in a group chat before the person accepted the incoming call.
The vulnerability was extremely severe and Apple removed the group chat features from FaceTime until the issue was resolved in an signal google messenger vulnerabilities allowed eavesdropping
