The usage of video conferencing applications has increased in the past few months where people use such apps for attending their office meetings, attending school or college lectures, or any other important business dealings. However, researcher found several kind of bugs in such apps due to which the conversation of users is not safe at all. You should be aware of these bugs which hackers can use to get access to your data and call history. They even can control your call and make the call on your behalf.
Hackers have become smart in their field that they even don’t need to take your permission to get access to users’ surroundings, before attending the call, your data may be in the hands of the attackers. These bugs may break your trust in such apps.
These bugs make the attacker transmit the audio to the attacker’s device without using the code execution. These bugs were found by the security researcher Natalia Silvanovich in the Signal app. However, it is said that the bugs of Google Duo, Facebook Messenger, JioChat, and Mocha app are under control.
The researcher found this bug by observing the seven-signalling state of machines and she found 5 devices were having trouble, which forced the users of these devices to transmit the audio of their calls to the hacker’s device. She also found that hackers can get access to your video data too.
According to the researcher, the callee should have permission whether to attend the video or audio call and before the transmission, and this must be ensured. This will make the matter pretty simple because when the receiver will give the access only then transmission should start, before any track to the peer connection.
Most of the applications allowed the calls to be connected without any permission or interaction from the receiver of the call. This may cause bugs that the attackers use. Google Duo bugs allowed the callee to leak the video before the person even received it. This bug was fixed in December 2020. Facebook Messenger had the bug of connecting the audio call before the call got the answer from the other person. However, this bug was also fixed in November 2020. JioChat and Mocha also had the same vulnerability, which is also fixed now.
Silvanovich is also warning the WhatsApp messaging app to review these bugs before the attacker may get the access to users’ data.
Photo: alexsl / Getty Images
Read next: Over 13 Dozen Android Apps With Millions of Downloads Get Removed from Google Play Store for Disruptive Ads
Hackers have become smart in their field that they even don’t need to take your permission to get access to users’ surroundings, before attending the call, your data may be in the hands of the attackers. These bugs may break your trust in such apps.
These bugs make the attacker transmit the audio to the attacker’s device without using the code execution. These bugs were found by the security researcher Natalia Silvanovich in the Signal app. However, it is said that the bugs of Google Duo, Facebook Messenger, JioChat, and Mocha app are under control.
The researcher found this bug by observing the seven-signalling state of machines and she found 5 devices were having trouble, which forced the users of these devices to transmit the audio of their calls to the hacker’s device. She also found that hackers can get access to your video data too.
According to the researcher, the callee should have permission whether to attend the video or audio call and before the transmission, and this must be ensured. This will make the matter pretty simple because when the receiver will give the access only then transmission should start, before any track to the peer connection.
Most of the applications allowed the calls to be connected without any permission or interaction from the receiver of the call. This may cause bugs that the attackers use. Google Duo bugs allowed the callee to leak the video before the person even received it. This bug was fixed in December 2020. Facebook Messenger had the bug of connecting the audio call before the call got the answer from the other person. However, this bug was also fixed in November 2020. JioChat and Mocha also had the same vulnerability, which is also fixed now.
Silvanovich is also warning the WhatsApp messaging app to review these bugs before the attacker may get the access to users’ data.
Photo: alexsl / Getty Images
Read next: Over 13 Dozen Android Apps With Millions of Downloads Get Removed from Google Play Store for Disruptive Ads
