Signal, Google Duo, Facebook Messenger and many other such messaging apps have been found with vulnerabilities as it has let attackers listen in on users calls without consent.
A security engineer at Google’s Project Zero, Natalie Silvanovich said, “On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent.”
“The bug was remarkable in both its impact and mechanism. The ability to force a target device to transmit audio to an attacker device without gaining code execution was an unusual and possibly unprecedented impact of a vulnerability.”
After they had found the FaceTime vulnerability, Project Zero had found other such issues that had an effect on Signal, Google Duo, Facebook Messenger, JioChat, and Mocha. Other apps like Telegram and Vibra did not have any problems with them. Since they had been found, the flaws have all been patched with ease.
Even though Project Zero had only looked into one-to-one calls, a lot of flaws had been found. Group calls is a feature that had not been investigated, although that might bring in even more issues, according to Silvanovich.