According to the latest security vulnerabilities: Do secure messaging services exist?

Billions of people around the world who use messengers to send and receive text messages, photos, videos and to make phone calls rely on the security of these services. On August 31, Google's Project Zero discovered a critical vulnerability in one of the most widely used services. The vulnerability: video telephony.

Specifically, this involved the memory management of the video conferencing function of the instant messaging service – a very popular function that is easy to apply and convenient. By means of prepared Real-Time Transport Protocols (RTP) for the transmission of audiovisual streams via IP networks, memory damage could be caused there. What this means in specific for users is: Every accepted call could be one of an attacker. As security researcher Natalie Silvanovich wrote on Twitter, the crash of the system could be caused in any case, but potentially this security hole holds even more dangers, such as hackers using the exploit to install espionage software on user’s smartphones.

What users of messaging services should do now ...

Since the security vulnerability at WhatsApp Inc. had been reported, the company has provided patches in new versions 2.18.302 for Android and 2.18.93 under iOS. Prerequisite: Users must be able to download, install and use the latest version. Under iOS, users can find the version number in the App Store under "Updates". Users of Android can see this information under "Settings", "Help" and "App Info".

The messaging vulnerability was discovered by fuzzing (or fuzz testing), where interfaces are automatically "fed" (i.e. tested) with false or correct data. Unwanted reactions are, for example, the crash of an application already mentioned, disconnection, error messages but also the display of confidential information or an increase in used resources such as memory consumption and CPU load. Tested interfaces are comment fields on websites, serial interfaces such as USB, APIs and web services.

Since mid-2014, security researchers from Google's Project Zero have been working on detecting zero-day exploits. Identified bugs and vulnerabilities are reported to the affected vendors and published only after a patch has been released – or 90 days at the latest if there has been no patch – so that users can take security measures themselves. The team publishes source codes on its GitHub pages, general news and updates can be found on the Project zero-blogspot page. An overview of all identified issues of Project Zero can be found here.

... and which app meets user and security requirements

A messaging alternative in the form of an app for Android and iOS is already available today, providing a highly secure messenger and encrypted telephony in one application. This secure service is based on instant message and call encryption. This app is called and already works as suggested by the NATO communication protocol SCIP. In addition, the app will be protected from cyber attacks on iOS and Android in a cryptographically secured container.

This security solution is complemented by the use of the R&S®Trusted Communications Server. The aspect of secure exchange of confidential information is the common thread that runs through all areas of server applications. In times of quantum computing, the R&S®Trusted Trusted Communications Server is developed for cryptoagility. This means that cryptographic procedures and standards can be adapted promptly without requiring functional changes (e.g. for digital certificates).

Thus, the communication and collaboration platform is also suitable for the business use of a private smartphone. To ensure long-term security, the R&S®Trusted Communicator follows the "Security by Design" approach: The cryptographic procedure can be adapted to new challenges at any time without functional changes being necessary.

The usability corresponds to that of well-known communication and collaboration apps.

Related products

R&S®Trusted Mobile

Secure Androind based smartphones and tablets for companies and public authorities

More information

R&S® Trusted Gate

Data centric cybersecurity solution for safe information exchange across cloud computing environments and collaboration tools.

More information

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.