There are many great uses of video conferencing, but they are not without security risks. So what are the security concerns of video conferencing?
Video conferencing software allows people to speak with, and see, people around town and around the world. A webinar has one presenter and many viewers. Business meetings have many people all talking together, perhaps with screen sharing. Friends and family catching up might be held on the fly.
Zoom concerns
Some of the recent security events have been related to the rise in use of Zoom.
Zoom sent user information to Facebook. They corrected this error. (Mar 28, 2020)
Zoom leaked user email addresses. Zoom was categorizing everyone with the same domain in their email address as belonging to the same company. They were then sharing all company emails within the company. There were obvious exceptions for emails with @gmail.com or @yahoo.com, but missed some exceptions. They corrected the error.
More concerns
One issue is whether these services encrypt transmissions. End to end encryption is the most secure standard. This means that no one can view the data between the send and receive.
Zoom’s custom encryption method was not end to end. Zoom itself could access unencrypted video and audio from meetings, called transport encryption.
Very few of the video conferencing offerings have end to end encrypting. Zoom claimed end to end encryption, did not follow that standard.
Zoom used two Chinese data centers for a time. They corrected this as well.
An issue in the news recently was about people joining Zoom meetings to post racist or sexual content. The main issue was the meeting hosts were not careful with the meeting information. This allowed unscrupulous people to gain access and cause disruption. To remedy this, Zoom turned on passwords and waiting rooms for meetings by default.
Common concerns
But Zoom is not the only video conferencing tool that has experienced security breaches. In fact, Zoom responds to lapses and focusses on fixing them quickly.
Some of Zoom’s issues could be the result of growing pains, or not understanding all of the ways that people would be using your software.
In 2018 a Skype update could be tricked into loading malicious code. Skype corrected this issue. But Skype does not use end to end encryption either.
Another issue was a Microsoft effort to improve Skype calls by having employees listen to user interactions. Contract workers in China were able to access recordings from their homes.
Houseparty is another video conferencing site, which does not have very strong security. Forbes spoke with the company who outlined ways to create more secure meetings. Additionally concerning though is the privacy policy that describes pretty extensive data collection practices.
What should I do?
So what should a person do if they have security issues with video conferencing? Forbes has written an article about several alternatives to Zoom and discusses security in particular, and Zoom has written a Guide to using Zoom safely. The suggestions boil down to being aware of the security measures at your disposal and making use of them, while also understanding the inherent risks of any information shared online.
Feel free to call us at SDM to discuss your needs and concerns.