A security researcher from Google’s Project Zero has found several vulnerabilities in most of the popular messaging apps, that would let attackers hear the target’s surroundings without his consent. The bugs were specified in the calling function of these apps, where a caller can hear the audio, and sometimes view the video, before the call was accepted.
Patched Bugs in Calling Functionality
Natalie Silvanovich , a security researcher from Google Project Zero has discovered various logic bugs in several instant messengers, that would let an attacker to snoop on the target. She spotted five bugs in seven video conferencing apps, that transmit the audio/video even before the callee accepts the call request.
I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger https://t.co/PlB0PzLzjJ — Natalie Silvanovich (@natashenka) January 19, 2021
