Video conferencing has been a key enabler for the growth in remote working. From a solitary work-at-homer to an enterprise with teams across the world, VC enables real face-to-face communication. But does it bring a new risk to the business?
We take VC facilities for granted, striving for better audio, quicker graphics and better team-working tools, but are we paying enough attention to security? Platforms such as FaceTime, WhatsApp and Skype make use of common technologies such as WebRTC, so what if a hacker could find and exploit a vulnerability?
Here we take a brief look at research carried out recently into vulnerabilities and how a hacker might exploit them. Finally, we look at the best ways of protecting our VC calls.
What’s the risk?
For business VC calls there is a significant potential risk in exposing sensitive information. This could be executives discussing financial information or technologists sharing IP details. Sensitive information is like a magnet for hackers. Outside of business, there is value in hacked data from individuals, such as their Facebook or WhatsApp accounts.
How could it be done?
Natalie Silvanovich of Google’s Project Zero team recently uncovered vulnerabilities that could be exploited by a hacker (they have since been patched). Web Real-Time Communication (WebRTC) is a widely used open-source technology that enables real-time communication. Silvanovich found several vulnerabilities in WebRTC, serious enough to cause a crash with out-of-bounds or overflow errors.
Hackers often use heap memory overflows as their break-in tool. By triggering an overflow on the target’s device, a hacker could take over their account and intercept the VC. There are two feasible methods:
1. The hacker initiates a VC call using a rogue device, establishes peer-to-peer communication and triggers the vulnerability on the target’s device.
2. Using a phishing technique, the target is persuaded to initiate a VC, but using a signalling server that is under the hacker’s control. The hacker is then able to establish peer-to-peer communication with their rogue device more easily.
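To make the out-of-bounds class described above concrete from the defender's side, here is an added example (not from the original article and not WebRTC's own code) of a parser for a peer-supplied media packet that checks every length the peer claims against the bytes actually received. Assumptions: the article does not say which parser was affected, so the RTP header layout from RFC 3550 is used as a representative peer-controlled input, and `rtp_parse` and `struct rtp_view` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical view type: where the payload sits inside the caller's buffer. */
struct rtp_view {
    uint8_t payload_type;
    uint16_t seq;
    const uint8_t *payload;
    size_t payload_len;
};

/* Returns 0 on success, -1 if any length claimed by the peer exceeds the
 * bytes actually received. Each offset is validated before it is used. */
int rtp_parse(const uint8_t *buf, size_t len, struct rtp_view *out)
{
    if (buf == NULL || out == NULL || len < 12) return -1; /* fixed header */
    if ((buf[0] >> 6) != 2) return -1;          /* RTP version must be 2 */

    size_t off = 12 + 4u * (buf[0] & 0x0F);     /* CSRC count is peer-controlled */
    if (off > len) return -1;

    if (buf[0] & 0x10) {                        /* extension header present */
        if (len - off < 4) return -1;
        size_t ext_words = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        off += 4;
        if (ext_words * 4 > len - off) return -1;   /* claimed > received */
        off += ext_words * 4;
    }

    size_t pad = 0;
    if (buf[0] & 0x20) {                        /* padding: last byte is the count */
        pad = buf[len - 1];
        if (pad == 0 || pad > len - off) return -1;
    }

    out->payload_type = buf[1] & 0x7F;
    out->seq = (uint16_t)((buf[2] << 8) | buf[3]);
    out->payload = buf + off;
    out->payload_len = len - off - pad;
    return 0;
}
```

Dropping any one of the three length comparisons lets a packet from a rogue peer move `payload` or `payload_len` past the end of the receive buffer, which is the kind of fault that shows up as an out-of-bounds crash.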