The researcher found a loophole in the Facebook Messenger application that allows hackers to listen to voice conversations that take place on the target device. Whereas, the JioChat and Viettel Mocha apps contained loopholes that allowed access to audio and video at the same time.

As for the Signal application, it contained a loophole that allowed the hacker to access the audio content on the platform within calls. While the loophole in the Google Duo app allowed access to the video, but for a few seconds. However, it was enough for the hacker to capture some frames.

Silvanovic stated that all of these vulnerabilities were fixed after she reported them. And one of its main reasons is to rely on the open source WebRTC project to provide real-time communication services.

Any app on any smart device or platform can suffer from security vulnerabilities, and this is normal. However, the emergence of these vulnerabilities in messaging applications is more serious. As it directly threatens users’ privacy and security.

Most messaging apps have a history of security vulnerabilities. Including the well-known FaceTime app from Apple. Which in 2019 suffered from a very dangerous vulnerability that allowed hackers to activate the microphone and camera in conference calls and eavesdrop on them.

And this vulnerability was so serious that Apple completely canceled the group communication feature within the application for a period of time, until the problem was completely resolved. What increased the seriousness of this vulnerability is that it does not require any action on the part of the user.

Serious vulnerabilities have been found in major messaging apps, such as Signal, Google Duo and Facebook Messenger. Along with other global apps like JioChat and Viettel Mocha.

Silvanovic has stated that she thought the vulnerability that appeared in FaceTime previously was so special that it would not appear again, but she is wrong about that.


READ ALSO : Microsoft patches malicious Office file exploits

Related Articles
Leave a Reply

Your email address will not be published. Required fields are marked *