[ad_1]
In early 2019, a virus in the FaceTime call group would cause opponents to set up a microphone, and even an iPhone, the iPhone that they call and stand before receiving anything. Its problems were so severe that Apple asked for a nuclear route, cutting opportunities on the group recruitment board until the company is dissolved adjust the adjustment. The dangers of the statistics – as well as the fact that there is no need to knock or click on the victim – attracted Natalie Silvanovich.
“The idea that you can find a virus that is affected, you can call for a response without interaction – is amazing,” says Silvanovich, a researcher in Google Project Zero error tracking team. “I shed tears and tried to find these challenges in other professions. And I found many.”
Silvanovich has spent many years studying “Inconsistent” damage, hacks that they do not seek their own advantage click on the wrong link, download the recording, enter your password in the wrong place, or participate in any other way. This attack has taken on a greater meaning as struggling with phones explodes around the world.
At the Black Hat security conference in Las Vegas on Thursday, Silvanovich showcases his findings on remote space communications in popular social networking sites such as Signal, Google Duo, and Facebook Messenger, as well as world-renowned platforms JioChat and Viettel Mocha. All the bears were captured, and Silvanovich says the producers were very interested in preparing the complex within a few days or weeks after their release. But the sheer number of findings in the major works confirms that these errors are common and the need for manufacturers to take a closer look.
“When I heard about the FaceTime virus, I thought it was a virus that would never happen again, but it never happened,” says Silvanovich. “This is something we didn’t know before, but it’s important now that developers know. You promise your users that you will not start sending their voice or video instantly, and it is a burden for you to make sure your app meets this.”
The dangers Silvanovich discovered gave him ample opportunity to pay attention. The program of Facebook Messenger the error could have allowed the fighter to listen with a voice from the target device. The program of Viettel Mocha and JioChat bugs that can provide access to voice and video. The program of The sign the error revealed only the words. And the file for Google Duo Danger gave the movie a chance, but only for a few seconds. During this time, the invader could draw up frames or draw pictures.
Silvanovich’s software looked around to build more of their audio and video equipment on real-time communication devices from the open source WebRTC project. Some of the problems associated with interaction come from developers who seem to misunderstand WebRTC’s structure, or run it poorly. But Silvanovich says some of the errors came as a result of architectural design related to any time-related activity and the way the phone rang.
When someone calls you on an internet connection, the system can trigger a connection between your devices instantly, a process known as “installation,” so the recording can start as soon as you accept. Another option is to slow down a bit, wait to see if you accept the call, and then take a few seconds to start the communication process once they know what you want.
[ad_2]
Source link
