Signal and other video chat apps found to have some major security flaws

News
By published

Google's Project Zero security team found an alarming number of vulnerabilities

Signal
(Image credit: Shutterstock)

Vulnerabilities found in Signal, Google Duo, Facebook Messenger, and other messaging apps allowed attackers to listen in on users without their permission, security experts have warned.

“On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent,” Natalie Silvanovich, a security engineer at Google’s Project Zero, wrote

“The bug was remarkable in both its impact and mechanism. The ability to force a target device to transmit audio to an attacker device without gaining code execution was an unusual and possibly unprecedented impact of a vulnerability.”

Following the discovery of the FaceTime vulnerability, Project Zero found similar flaws affecting Signal, Google Duo, Facebook Messenger, JioChat, and Mocha. No issues were found in the Telegram or Viber apps after they were also investigated.

Video vulnerabilities

The security flaws, which required little technical skill to exploit, have all since been patched.

In most cases, the vulnerabilities enabled unauthorized personnel to listen in on a call recipient without requiring any interaction from said recipient. The Signal bug, patched in September 2019, allowed an individual to listen in on the recipient’s surroundings, for example, while a Google Duo flaw caused the leak of video packets from unanswered calls.

The Facebook Messenger bug allowed audio calls to connect before the call was answered, while similar issues were discovered affecting both the JioChat and Mocha messaging services.

Given that Project Zero’s investigation only looked at peer-to-peer calls, an alarming number of vulnerabilities were discovered. Group calling features were not looking into, though Silvanovich said that this is an area that could reveal additional problems.

Via Bleeping Computer

TOPICS
Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
These fake GitHub "security alerts" could actually let hackers hijack your account
3d rendering of a submarine power cable on the seabed
Subsea internet cables can now ‘listen’ for sabotage using irregular pulses of light
Latest in News
Lego Pokemon
Pokemon and Lego announce the most electrifying collaboration of all time and I’m going to be first in line
Apple Watch app health
Apple Watch blood pressure monitoring tech revealed in patent
Using Zipped files and folders in Windows 11
Hidden clues suggest Microsoft is moving another part of Windows 11’s Control Panel to the Settings app – and this time it’s mouse options
an image of the Samsung Galaxy S24 Ultra
Finally! One UI 7 has a release date - here are the Samsung phones that’ll get it first
Google Cloud logo
Google to acquire cloud security platform Wiz in $32 billion deal
GIMP 3.0 interface from the website
Our favorite free photo editor finally got the update it deserves - and these are the top 5 features designers should know about
More about security
DeepSeek on a mobile phone

More US government departments ban controversial AI model DeepSeek
Trojan

Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
A graphic showing someone on a tablet working through a supply chain.

How phishing attacks are hitting the supply chain – and how to fight back
See more latest
Most Popular
Images showing green OLED with microscope close-up and illustration of helical stacks
New OLED pixel breakthrough could make TVs, phones, watches and more much more energy efficient – and brighter
Maui and Moana stand on a beach looking smug
Moana 2 achieves demigod status as the movie sets new streaming record on Disney+
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 19 (game #381)
BYD Han L
BYD’s latest electric vehicle platform can add 249-miles of range in just five minutes – your move Tesla!
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 19 (game #1150)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Wednesday, March 19 (game #647)
Starfield
Starfield could be getting a PS5 release after fans spot a PlayStation logo on work-in-progress Creation
Lego Pokemon
Pokemon and Lego announce the most electrifying collaboration of all time and I’m going to be first in line
Using Zipped files and folders in Windows 11
Hidden clues suggest Microsoft is moving another part of Windows 11’s Control Panel to the Settings app – and this time it’s mouse options
Apple Watch app health
Apple Watch blood pressure monitoring tech revealed in patent