Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal

Signal group video call

Google’s Project Zero security team found a bug that lets audio and video be transmitted without user interaction in five messaging apps. These are Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. All bugs have been fixed.

I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. All these vulnerabilities have since been fixed. It is not clear why this is such a common problem, but a lack of awareness of these types of bugs as well as unnecessary complexity in signalling state machines is likely a factor.

Check It Out: Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!