 |
| Identify critical vulnerabilities in messaging apps |
Any smart device or app on the platform can have security flaws, which is normal. However, these vulnerabilities are more serious in messaging apps. Because it directly threatens the privacy and security of users.
Most of the messaging apps had security flaws in the past. Including the popular FaceTime app from Apple. It suffered a very serious vulnerability in 2019 that allowed hackers to activate and eavesdrop on microphones and cameras during conference calls.
This vulnerability is so serious that Apple has paused the group calling functionality in the app until the issue is completely resolved. The seriousness of this vulnerability is compounded by the fact that it does not require user intervention.
This is because most security vulnerabilities force the user to take certain actions, such as: b- Pressing a button or opening a malicious link. However, this loophole and others do not need it.
In general, these vulnerabilities can reach a high level of risk. This allows hackers to make or receive calls from your mobile phone themselves. That's what researcher Natalie Silvanovic, who works on Google Project Zero, says.
Weaknesses in messaging apps
Silvanovic has been working for many years to uncover serious vulnerabilities in messaging apps. In particular, vulnerabilities that do not require user intervention are referred to as "no interaction". I revealed my findings not long ago at a black hat security meeting.
Serious vulnerabilities have been found in major messaging apps such as Signal, Google Doo, and Facebook Messenger. And other universal apps like JioChat and Viettel Mocha.
Silvanovic said she thought the vulnerability that appeared previously in FaceTime was very private and would not return, but she was wrong.
Researchers have discovered a security flaw in the Facebook Messenger app that allows hackers to eavesdrop on voice conversations taking place on the target device. JioChat and Viettel Mocha apps contain vulnerabilities that allow simultaneous access to audio and video.
As for Signal, it contains a vulnerability that allows hackers to access the platform's audio content during a call. Although a security flaw in the Google Duo app allowed access to the video, it only took a few seconds. However, it is enough for the hacker to take certain photos.
Silvanovic said that all of these vulnerabilities were fixed after she reported them. One of the main reasons is to rely on the open source WebRTC project to provide real-time communication services.