By now, all of us become well informed of the benefits of the multiple video calling apps. With the ever-increasing integration of these handy and useful apps by individuals as well as all types of organizations, we are bound to be exposed to inevitable cyber-vulnerabilities. Recent researches have discovered numerous bugs in these apps which make them risky to use.
Threat actors have been found to take malicious advantage of these bugs to hack video conferencing calls between individuals. These can also help them access the users’ data and call history as well as gain remote control and make calls on the users’ behalf.
Hackers have gotten advanced in their field that they even don’t have to take consent to gain admittance to users’ devices. A user may not even notice and all their data might be in the possession of the assailants.
Bugs have been discovered in apps like the Signal app by security researchers. However, bugs in Google Duo, Facebook Messenger, JioChat are also said to be prevalent. These bugs allow the hackers to transmit the audio to their own devices without using the code execution.
A certain researcher found the bug in the Signal app by remarking the seven-signaling state of machines and found that 5 devices were having trouble, which forced the users of these devices to transmit the audio of their calls to the hacker’s device. Access to video data was also possible through the devices.
Typically, the callee has access to permitting the device to receive the video or audio call and it must be provided before the transfer. This will make the matter pretty simple because when the receiver will give the access only then transmission should start, before any track to the peer connection.
Most of the applications directly connected the call without asking permission or interacting with the user. This may allow the bugs that the hackers use. Facebook Messenger had the bug of connecting the audio call before the call got the answer from the other person. This bug was also fixed in November 2020. Google Duo bugs allowed the callee to leak the video before the person even received it. However, this bug was fixed in December 2020. JioChat and Mocha also had the same vulnerability, which is also fixed now.