Google's Project Zero researcher Natalie Silvanovich found several "interaction-less" vulnerabilities in messaging apps. These remote eavesdropping bugs do not require users to click a malicious link, download an attachment, or interact in any way.
The bugs, all of which have been patched, involved exposing audio only in Signal and Facebook Messenger, video only in Google Duo, and both audio and video in JioChat and Viettel Mocha. Silvanovich found that some of the vulnerabilities were related to developers misunderstanding or poorly implementing features from the WebRTC open source project, as well as flaws in design decisions related to when and how the service sets up calls.
"A reason a lot of these bugs happened is, people who designed these systems didn't think about the promises they were making in terms of when audio and video are actually being transmitted and verify that they were being kept," Silvanovich said.
From Wired
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA