{"id":752,"date":"2021-01-21T11:54:48","date_gmt":"2021-01-21T11:54:48","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=752"},"modified":"2021-01-25T10:24:27","modified_gmt":"2021-01-25T10:24:27","slug":"bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/","title":{"rendered":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data!"},"content":{"rendered":"\n
Multiple vulnerabilities are found in video conferencing mobile applications that assist the attackers to steal user data with their permissions as the person picked up and ends the call.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
This bug was reported by Google security researcher Natalie Silvanovich that includes Signal, Facebook, Google Duo, Messenger, Jio Chat, Mocha messaging application.<\/p><\/p>\n\n\n\n
Before these bugs are patched they permit the hackers to force the users to get the transmitted audio send from sender to receiver without the code of execution.<\/p><\/p>\n\n\n\n
What Passed in this Bug?<\/strong><\/h2>\n\n\n\n
<\/figure><\/div>\n\n\n\n
According to Silvanovich, the entire investigation was signaling these video conferencing applications, and more than five vulnerabilities founded that permit the caller to force a callee device while transmitting the audio or video data. <\/p><\/p>\n\n\n\n
Theoretically, it is very important to take the callee consent before audio or video transmission. It shoulda fair and simple matter until or unless the user accepts the call before adding the tracks to the connection.<\/p><\/p>\n\n\n\n
The majority of messaging applications rely on WebRTC for communication purposes, while connecting the people and exchanging the information using the SDP tool between connected peers is called signaling.<\/p><\/p>\n\n\n\n
What is WebRTC?<\/strong><\/h2>\n\n\n\n
<\/figure><\/div>\n\n\n\n
When the users initiate a WebRTC call to another user then a session is created that is called an offer which contains all the information required for setting a connection. This entire process is a state machine which signifies that the signaling the exchange to the offer and while answering the current connection.<\/p><\/p>\n\n\n\n
Both the devices have to share the information while establishing the connection or exchanging the audio and video data from the peer-to-peer connection. But before this overall process works, and media data is stored and has to be attached in the connection called tracks.<\/p><\/p>\n\n\n\n
Therefore it is expected that with the callee concern no data is to be shared over a call.<\/p>\n\n\n\n
As per the investigation, the researcher said that they enable the transmission in several ways and let to the vulnerabilities that permit them to be connected without the callee concern.<\/p><\/p>\n\n\n\n
The security researcher also added that in Signal the vulnerability that was patched now will initiate a direct call to the sender with user interaction. Whereas in Google duo the bug spotted permits the callees to leaked the video packets even from the unreceived calls, which was fixed in December 2020. On the other hand, Facebook Messenger automatically connects the call before the callee answered.<\/p><\/p>\n\n\n\n
Whereas in July 2020 JioChat and Mocha messengers faced similar vulnerabilities that authorize the hacker to send audio and video without user consent.<\/p><\/p>\n\n\n\n
Conclusion<\/strong><\/h3>\n\n\n\n
The overall bug founded in these applications is that they allowed the hackers to transmitted the audio and video from callee to the caller with callee\u2019s permission. These vulnerabilities will be founded in peer-to-peer calls and didn\u2019t examine the group calling feature.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Multiple vulnerabilities are found in video conferencing mobile applications that assist the attackers to steal user data with their permissions as the person picked up and ends the call. This bug was reported by Google security researcher Natalie Silvanovich that includes Signal, Facebook, Google Duo, Messenger, Jio Chat, Mocha messaging application. Before these bugs are […]<\/p>\n","protected":false},"author":2,"featured_media":785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Multiple vulnerabilities are found in video conferencing mobile applications that assist the attackers to steal user data with their permissions as the person picked up and ends the call. This bug was reported by Google security researcher Natalie Silvanovich that includes Signal, Facebook, Google Duo, Messenger, Jio Chat, Mocha messaging application. Before these bugs are […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-21T11:54:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-25T10:24:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/data-breach.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data!\",\"datePublished\":\"2021-01-21T11:54:48+00:00\",\"dateModified\":\"2021-01-25T10:24:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\"},\"wordCount\":479,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\",\"url\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\",\"name\":\"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-01-21T11:54:48+00:00\",\"dateModified\":\"2021-01-25T10:24:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/","og_locale":"en_US","og_type":"article","og_title":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited","og_description":"Multiple vulnerabilities are found in video conferencing mobile applications that assist the attackers to steal user data with their permissions as the person picked up and ends the call. This bug was reported by Google security researcher Natalie Silvanovich that includes Signal, Facebook, Google Duo, Messenger, Jio Chat, Mocha messaging application. Before these bugs are […]","og_url":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-01-21T11:54:48+00:00","article_modified_time":"2021-01-25T10:24:27+00:00","og_image":[{"width":1200,"height":650,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/data-breach.png","type":"image\/png"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data!","datePublished":"2021-01-21T11:54:48+00:00","dateModified":"2021-01-25T10:24:27+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/"},"wordCount":479,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/","url":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/","name":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data! - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-01-21T11:54:48+00:00","dateModified":"2021-01-25T10:24:27+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/bugs-founded-in-facebook-signal-jio-chat-google-duo-that-sanctions-the-hackers-to-hijack-user-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Bugs Founded in Facebook, Signal, Jio Chat, Google Duo that sanctions the hackers to hijack user data!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/752"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=752"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/752\/revisions"}],"predecessor-version":[{"id":756,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/752\/revisions\/756"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/785"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Bugs](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Bugs-Founded-in-Facebook-Signal-Jio-Chat-Google-Duo-that-Sanctions-the-Hackers-to-Hijack-User-Data-1024x576.png\")
<\/figure><\/div>\n\n\n\n![\"Bugs](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Bug-reported-signal-facebook-jio-google-image-1024x634.jpg\")
<\/figure><\/div>\n\n\n\n![\"Bugs](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Bug-reported-signal-facebook-jio-google-image-1.png\")
<\/figure><\/div>\n\n\n\n