acm-header
Sign In

Communications of the ACM

ACM TechNews

Messaging Apps Have an Eavesdropping Problem


media and eavesdropping icons, illustration

Credit: Elena Lacey / Wired

Google's Project Zero researcher Natalie Silvanovich found several "interaction-less" vulnerabilities in messaging apps. These remote eavesdropping bugs do not require users to click a malicious link, download an attachment, or interact in any way.

The bugs, all of which have been patched, involved exposing audio only in Signal and Facebook Messenger, video only in Google Duo, and both audio and video in JioChat and Viettel Mocha. Silvanovich found that some of the vulnerabilities were related to developers misunderstanding or poorly implementing features from the WebRTC open source project, as well as flaws in design decisions related to when and how the service sets up calls.

"A reason a lot of these bugs happened is, people who designed these systems didn't think about the promises they were making in terms of when audio and video are actually being transmitted and verify that they were being kept," Silvanovich said.

From Wired
View Full Article – May Require Paid Registration

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found