The best Xiaomi electric scooters have exclusive discounts on AliExpress

with one call you could spy on others

It was especially sounded the serious bug that was discovered in FaceTime early 2019: the bug It allowed you to hear and see who you were calling in a group before they picked up. It was so bad that Apple disabled the feature until it fixed this major privacy issue discovered by a teenager.

History, now, we know that it has been repeated in other applications dedicated to instant messaging and calls included. We are talking about Signal, Facebook Messenger, Google Duo, JioChat and Mocha have been affected.

Signal, Facebook Messenger, Google Duo, JioChat and Mocha had a similar problem discovered in FaceTime two years ago: making a call it was possible to spy on the user who was being telephoned

Listening without permission before users go off-hook

Business 3243010 1920

The problems have been found by Google Project Zero security researcher Natalie Silvanovich, who wondered if similar errors could be occurring on other platforms since this mistake had never been considered possible and, moreover, it was easy to achieve.

"The bug was notable in both its impact and its mechanism. The ability to force a target device to transmit audio to an attacking device without obtaining code execution. it was an unusual and possibly unprecedented impact of a vulnerability", he explained this Tuesday.

The errors found and already fixed in Signal, Facebook Messenger, Google Duo, JioChat, and Mocha allowed forcing called devices to stream audio to the calling devices without having to get the code executed. Also, in some of it, video could be transmitted.

The researcher has also found an error in WhatsApp that allowed the application to be compromised or collapsed just by answering a call

Signal exceeds 50 million downloads on Android and Telegram passes 500 million users: yes, privacy matters

It would seem logical that the transmission of audio or video in a call did not start to be made until the user receiving the call did not accept it, however, it didn't happen like that as Silvanovich found. Various vulnerabilities allowed calls to be established without the receiving user answering the call.

Signal problem was fixed in September 2019, Facebook Messenger in November 2020, Google Duo in December 2020, JioChat's in July 2020 and Mocha's in August 2020. It should be noted that the researcher only looked for vulnerabilities in individual calls and not in group calls, as highlighted in the published article. A piece in which he also points out the finding in WhatsApp of an error that allowed the application to be compromised or collapsed just by answering a call.

Silvanovich also tried to search bugs similar in other applications like Telegram and Viber, although he did not find this type of problem in the calls.