Common Security Concerns in Video Conferencing

Posted by Australia ETA on September 28th, 2021

Can video calls be intercepted and recorded by third parties?

Can others spy on the call and even record it? Who can join your calls and how can they do it? As educational institutions migrate to Zoom to teach online classes, privacy breaches may lead to issues related to the safety of children. Zoom meetings can be accessed using a short URL based on numbers that hackers can easily generate or guess.

How is your account information used?
To what degree are how to hire a hacker privacy agreements, such as the European General Data Protection Regulation or the California Consumer Privacy Act, complied with? How transparent are applications with their users about what data is collected and which third parties have access to it?

Where on the computer or phone is the data associated with the video calling application stored?
This is especially relevant if you have to deal with sensitive information and documents.

For instance:

In Skype, the photos you receive are saved on your device unless you change the settings. (Go to Messages, in Settings, on Android or iOS to change the option.)

In Zoom, if you download the conversation log that accompanies a video call, private conversations between the call participants will also be included. This can present a problem with business calls, where you can have private conversations whose content should not be revealed.

Are there surveillance measures within the application?
For example, Zoom has been criticized for its \\"attention check\\" feature, which lets a host know if a user exits the Zoom screen for 30 seconds or more. This feature can allow employers to check whether employees are actually paying attention to a business meeting, or for teachers to know whether students are paying attention to a presentation remotely.

Is there the potential for malware to be downloaded unnoticed and that could result in hacks?
For example, could users inadvertently download applications that have access to the camera and microphone? The application or malware could disclose personal information to a hacker, who could then publish it.

Regarding Zoom, in particular, several security flaws have been reported in the past. For example, in 2019, it was revealed that Zoom had installed a hidden web server on users\\' devices that allowed a user to be added to a call without their permission. Another bug allowed hackers to take control of Zoom users\\' Macs, including accessing the webcam and microphone. In response to these flaws, Zoom worked hard to address security concerns, posting updates regularly on the company blog.

Examples of cases of piracy in video conferences
One of the most common recent examples of access without permission to calls is one of the \\" Zoom bombings \\". It occurs when criminals enter chat rooms to shout racist insults or violent threats. Although the term \\"Zoom bombing\\" comes from the Zoom app, similar incidents have happened on other video conferencing platforms, including WebEx and Skype. On March 30, 2020, the FBI announced that it was investigating the growing number of unauthorized access to video calls.

On forums like Reddit or Discord, there were coordinated attempts to disrupt Zoom sessions. On Twitter, there are several accounts that shared video conference passwords that were vulnerable to people joining without permission. In some educational institutions, students promoted the idea of ??trespassing as a way to disrupt online classes.

Affected Zoom meetings (accessed by uninvited users to interrupt the session with obscene, racist, or anti-Semitic insults and which caused the host to end the session) are subsequently shared on video platforms such as TikTok or YouTube.

Previously, Google searches for URLs that included \\"Zoom.us\\" could result in conferences that were not password protected, making it easy for hackers to join in uninvited.

Although the access of this type to meetings can be annoying for participants, there is a threat that can be more serious: intruders who spy without revealing their presence, posing a very serious risk to both corporate security and privacy. individual.

Forbes recently reported that a hacker sold more than 500,000 stolen Zoom credentials, including private meeting URLs and passwords for Zoom hire a hacker hosts. It is possible that a large percentage of those credentials were reused passwords that cybercriminals obtained from other sources.

In response, Zoom stated the following:

\\" We have already hired multiple intelligence companies to find these password containers and the tools used to create them, as well as one company that has shut down thousands of websites that were trying to trick users into downloading malware or sharing their credentials. We are continuing to investigate, we are securing accounts that we found to be at risk, we are asking users to change their passwords to a more secure one, and we are trying to apply additional technology solutions to intensify our efforts. \\"