Bug Lets Audio, Video be Transmitted Without Consent in Apps Like Signal

Google’s Project Zero security team found a bug that lets audio and video be transmitted without user interaction in five messaging apps. These are Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. All bugs have been fixed.

I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. All these vulnerabilities have since been fixed. It is not clear why this is such a common problem, but a lack of awareness of these types of bugs as well as unnecessary complexity in signalling state machines is likely a factor.

Apple Homepage Marks Martin Luther King Day

Apple’s homepage has been updated to honour Martin Luther King day. The usual images have gone and there is a black-and-white photograph of the civil rights leader. The page also features a quote from him –  “true peace is not merely the absence of tension; it is the presence of justice.”