All software has bugs. But there's an extra sting when that software is something you use to communicate securely.

On Friday, a researcher at Google's elite vulnerability hunting team Project Zero published details about an issue in the Android version of Signal. The bug allowed a hacker to phone a target device, and the call would be answered without the recipient needing to even accept the call, essentially letting the hacker listen-in on the victim.

"When the call is ringing, the audio mute button can be pressed to force the callee device to connect, and audio from the callee device will be audible," Natalie Silvanovich, a security engineer at Project Zero, wrote in a September bug report which was made public today.