Bugs in Signal, Facebook, Google Chat Apps Let Attackers Spy on Users

by
requerdanos
from SoylentNews on (#5D6HS)

upstart writes in with an IRC submission for Runaway1956:

Bugs in Signal, Facebook, Google chat apps let attackers spy on users:

Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.

The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.

However, before being patched, they made it possible to force targeted devices to transmit audio to the attackers' devices without the need of gaining code execution.

"I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data," Silvanovich explained.

[...] "The majority of calling state machines I investigated had logic vulnerabilities that allowed audio or video content to be transmitted from the callee to the caller without the callee's consent," Silvanovich added.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments