As reported by TechRadar, vulnerabilities found in Signal, Google Duo, Facebook Messenger, and other messaging apps allowed attackers to listen in on users without their permission, security experts have warned.
“On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent,” Natalie Silvanovich, a security engineer at Google’s Project Zero, wrote.
Following the discovery of the FaceTime vulnerability, Project Zero found similar flaws affecting Signal, Google Duo, Facebook Messenger, JioChat, and Mocha. No issues were found in the Telegram or Viber apps after they were also investigated. The security flaws, which required little technical skill to exploit, have all since been patched.
<p style=\"font-weight: 400;\">Google’s Project Zero research team do a magnanimous job in keeping possible threats from hitting our phones. Vulnerabilities that can occur without even requesting that the victim touch their device have the capability of causing havoc around the world, so it is vital that teams such as this continue to test and patch any zero-day threats they uncover. These threats are usually patched very quickly. Plus, Signal is open source which makes it easier to patch and keeps costs down.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">In recent years we have seen problems arise from similar zero-click threats such as the infamous Pegasus spyware, but luckily for us this spyware and the threats uncovered by the Project Zero team have all since been patched, so make sure you always keep all your apps’ and your device’s operating system up to date.</p>