In January 2019, a flaw in Apple’s FaceTime group chats made it possible for users to eavesdrop on targets even before the person on the other end accepted the incoming call. Similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger. The common root cause? Logic bugs in the signaling state machines, which Silvanovich said “are a concerning and under-investigated attack surface of video conferencing applications” The flaws stemmed from the fact that the peer-to-peer connection had been set up even before a callee answered the call.
Source: https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html