Facebook Messenger, Signal, Google Duo, Mocha or JioChat… are a set of messaging services that are affected by security vulnerabilities deemed critical by Google experts.
The Google experts we are referring to here are those of the famous Project zero, the specialists in the search for flaws and bugs of the American giant that have proven themselves several times.
Let's talk about a researcher from the group, writes Natalie Silvanovich. She recently discovered in a study of several exchange platforms that vulnerabilities that can be considered quite serious affect some pretty famous couriers. "I found bugs that can transmit audio and video without the user's consent on five mobile apps, including Signal, Google Duo and Facebook Messenger," she posted on Twitter.
This article will also interest you: How to hack a Facebook account?
According to the Google researcher, these vulnerabilities have their roots in another security flaw discovered since 2019, the FaceTime Video bug. A flaw that allowed a hacker to spy on iPhone users without their knowledge. Not to mention that he also had the opportunity to be added during a group conversation through the menu of options. In other words a rather serious vulnerability.
"I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger," she posted on her Twitter account on January 19, 2021. In French it gives: "I found logic bugs that allow to transmit audio or video without the consent of the user in five mobile applications including Signal, Duo and Facebook Messenger."
So the issue here was whether the FaceTime Video security flaw had spread to other devices. In asking this question, the Project Zero researcher then set out to conduct a much more in-depth search on the various messaging applications are Signal, Mocha, JioChat, Facebook Messenger and Google Duo. She discovered some very interesting vulnerabilities.
– Facebook Messenger: On this app, the hacker had the ability not only to connect to the app, but also to simultaneously launch a call while sending a corrupted message. The latter could also receive audio via the app.
– Signal: Thanks to the vulnerability on this application, it is impossible for the cybercriminal to be able to hear everything that was going on in the message recipient environment.
– Google Duo: "A competitive situation between disabling the video and setting up the connection, which in some situations can lead to the leak of video packages after several unanswered calls" as Natalie Silvanovich explains
The researcher also explains that these security vulnerabilities have already been fixed. Users are encouraged to apply the correction update.
Now access an unlimited number of passwords: