Navigation
Search
|
Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal
Tuesday January 19, 2021. 08:06 PM , from TheMacObserver
Google’s Project Zero security team found a bug that lets audio and video be transmitted without user interaction in five messaging apps. These are Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. All bugs have been fixed.
I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. All these vulnerabilities have since been fixed. It is not clear why this is such a common problem, but a lack of awareness of these types of bugs as well as unnecessary complexity in signalling state machines is likely a factor. Tags: Google, Project Zero, Security
https://www.macobserver.com/link/p0-audio-video-bug/?utm_source=macobserver&utm_medium=rss&utm_campa...
|
46 sources
Current Date
Apr, Wed 24 - 17:16 CEST
|