Ever since the lockdown is announced in the face of COVID-19, there has been a huge surge in the usage of video apps. Data suggests that apps like House Party, Zoom, and Skype had cumulative app downloads of more than 36 million. The daily active users in March 2020 for these video calling companies were more than 60 Million.
While it is extremely handy and useful at the current scenario, the biggest challenge that corporates and individuals face while using these video calling services is privacy. Zoom has been at the receiving end for a couple of weeks now. Let’s quickly dive down to what happened:
Zoom Bombing: Zoom meetings can be accessed by a short number–based URL, which can easily be generated and guessed by hackers. Zoom has released guidelines in recent days about how to prevent unwanted guests from crashing video meetings and a spokesman told the Guardian it had also been working to educate its users on protections through blogposts and webinars.
No end to end encryption: Currently it is not possible to enable E2E encryption for Zoom Video meetings. In other words, Zoom does encrypt video meetings, but it does so through transport encryption. This means Zoom has the ability to access users’ private meetings. One concern among privacy advocates is that the government could someday compel Zoom to hand over recordings of users’ meetings, which were advertised as being encrypted end to end. Although Zoom might not decrypt data as it transfers across the platform’s cloud.
Security Flaws: There were multiple incidents of flawed security and compromising the access of Mac’s hardware tools, which included tapping into webcam and microphone.
Attendee Tracker: Zoom has been criticized for its “attention tracking” feature, where users were tracked if they moved out of the calling window.
Target Ads: A report from Motherboard reported that there were incidents where the data was compromised from the Facebook iOS app for advertising purposes.
Let’s not look at the risks that come along with the usage of Video conferencing Facility :
Meeting Bombing: When an uninvited user joins the meeting. The attacker usually discovers the ID of the meeting. This can be avoided by using a meeting password.
Malicious Links in Chat: Hackers can send malicious links that can compromise the credentials of the user. Having a meeting password is a must.
Stolen Meeting Links: Re-using the old meeting link can lead to the problem, it’s a good practice to not allow users to join before the host. Make sure that the notifications are on to avoid unauthorized use of links.
Data Shared with Third Parties: SaaS security solutions, like Prisma SaaS, automatically detect and remove the sharing of files that have confidential or personal information. For non-SaaS services, it’s important to have data protection agreements in place with third parties.
The malware of Zero-Day Attacks: In this case, you will need to protect from malicious activity by layering security at the endpoint and in the network.
Important Tips for Security:
- Use Meeting Lock: Keep the meetings password protected
- Keep tabs on attendees: Immediately remove users that are uninvited.
- Manage shared access: You can share appropriate rights with the users.
- Chat mindfully: Most importantly, share information in a responsible way.
Alternatives to using Zoom:
- Cisco WebEx
- Google hangouts
- Skype meetings
- Zoho meetings
- Uber Conference
- WhatsApp Video Call
We hope you find this information useful, do comment if you have any concerns using the video conferencing services. Please do share if you have insights that will make video conferencing safe. Till then have happy and safe meetings.