Bugs in Signal, Facebook Messenger, JioChat apps

No featured articles available

Check back soon for the latest updates and featured content.

Vulnerabilities in multiple video conferencing apps such as Signal and FB Messenger allow the attackers to listen to the user’s surroundings without permission.

Natalie Silvanovich, Google Project Zero security researcher, discovered multiple flaws in the Signal, Facebook Messenger, JioChat, Google Duo and Mocha messaging apps and are now all fixed.

“I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data," explained Silvanovich.

"Theoretically, ensuring callee consent before audio or video transmission should be a fairly simple matter of waiting until the user accepts the call before adding any tracks to the peer connection.”

"However, when I looked at real applications, they enabled transmission in many different ways. Most of these led to vulnerabilities that allowed calls to be connected without interaction from the callee."

Silvanovich also looked for similar issues in other video conferencing apps including Viber and Telegram but couldn't find any.

Silvanovich also stated that most calling state machines had logic vulnerabilities that permitted audio or video content to be transmitted from the callee to the caller without the callee’s consent.

Signal addressed an audio call flaw in the Android version in 2019. JioChat fixed a flaw in the Android app in July 2020, and Mocha fixed a flaw in August 2020.

Facebook messenger addressed a flaw in November 2020, which allowed audio calls to connect before the call was answered.

The Google Duo solved the bug in December 2020 that allowed calls to leak video packets from unanswered calls to the caller.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Bugs in Signal, Facebook Messenger, JioChat apps

Vulnerabilities in multiple video conferencing apps such as Signal and FB Messenger allow the attackers to listen to the user’s surroundings without permission.

Share Your Story!

No featured articles available

Vulnerabilities in multiple video conferencing apps such as Signal and FB Messenger allow the attackers to listen to the user’s surroundings without permission.

Stay Updated with the Latest Cybersecurity News