Online conferencing and video calls are now an alternative to the conventional method of meeting people in person. With the advent of the pandemic, many of us are using video conferencing and video calls for various purposes, including homeschooling, office meetings, client interactions, video chatting with friends & family, etc., while staying home. This way, we have been experiencing a completely new way of interacting with people from our comfort zone. We will discuss the security risks and security measures of using online video conferencing and video calling apps.
Are Online Conferencing and Video Calls Safe for You?
While online video conferencing and video calls make interactions and meetings easier, they are not completely safe for users attending video calls and meetings. According to the National Security Agency of the US, users who use video conferencing or video calling for any purpose must ensure that the software or application they use for online meetings has the following requirements:
· End-to-end encryption
· Multi-factor authentication (MFA)
· Uses technology based on publicly inspectable; open-source code
· Whether data is shared with affiliates/third parties
· Users can delete data from the service and its repositories securely
Moreover, the NSA has concluded that most of the popular online conferencing and video calling tools have at least one security deficiency, for example,
· There is no MFA in GoToMeeting
· Sub-optional data deletion policies exist in Zoom, Skype for Business, Slack, Cisco, and WebEx.
· No end-to-end encryption is present in Microsoft Teams and Google G Suite. Also, they do not use open-source code.
A few apps like WhatsApp and Signal provide end-to-end encryption and are considered safe for online conversations without compromising user security and privacy.
Security Risks of Online Video Conferencing and Calling
Though teleconferencing apps like Zoom, Skype, Slack, etc., allow users to easily communicate with others remotely, they must not overlook the security risks these apps pose to them. What kind of security risks do these video conferencing apps have? Well, among several security risks, the following are more prominent:
1. Data privacy issues due to the absence of end-to-end encryption: Without end-to-end encryption, any third party can intercept the communication channel and perform eavesdropping. If users exchange sensitive information (e.g., personal or business information) in online meetings, attackers can easily steal that information and exploit it to launch attacks against the users. End-to-end encryption ensures that no third party can access the conversation and whatever information is shared during the online meeting/video call remains secure.
2. Unauthorized interception and recording: It is very easy for hackers to intercept and record video calls/online conferences without the notice of the authorized attendees of the conference or call when appropriate security is not implemented. Such incidents have been widely reported with the Zoom app, wherein the attackers generated and guessed the short number-based URL used for online meetings.
3. Account data handling: Data handling is an important issue that must be considered before using any teleconferencing app. Users should know how their account data will be handled by the app, what kind of data the app is collecting about them, who all can access this collected data, and to what extent the app complies with the standard privacy frameworks like GDPR.
4. The location where the video app data is stored on your device: Users need to know where their data (especially sensitive data) is stored on their device (computer or mobile phone). Moreover, users cannot use one-on-one private chats during an ongoing work call to prevent callers from seeing the personal chats.
5. Chances of downloading malware inadvertently: Users need to ensure that the video conferencing/calling app they use is free from vulnerabilities that can be exploited by attackers to make callers download malware inadvertently. Downloading of malware will provide attackers with remote access to callers’ microphones and cameras, which leads to hacking.
Security Measures to Ensure Video Conferencing Security
Since users who attend online meetings via video calls for their personal or official purposes are prone to several security and privacy risks (e.g., data theft, meeting hijackings, etc.), they need to be aware of such risks and implement security measures that help them to ensure video conferencing security. Some security measures that can help you to keep your video conversations secure from hackers include
· Be careful about what information you share: Whatever information you share online is prone to be intercepted so always exercise caution while revealing personal information that can be exploited. Avoid revealing private information like financial details, personally identifiable information (PII), etc. Ensure that you do not overlook the security of your online accounts.
· Carefully share the invitation link: Send the conference invite link to only intended participants and inform them not to publicize the link. Do not share any video conference or video call link publicly on social media platforms because it may allow unwanted and malicious attendees into the meeting/call.
· Enable alerts that notify you when meetings are forwarded: To control invite link forwarding, set up alerts that can notify you when the invite link is forwarded to unintended people via email. This will allow you to keep an eye on who has access to the conference and create a new invite link (with new log-in credentials) if the previous link is sent to unwanted participants.
· Keep a strong password: Usually, video calling apps provide you with the ability to protect your online conferences via a password. Ensure that you keep a strong and hard-to-guess password to better security. Do not keep the same password for different apps and services.
· Use video conferencing apps that support end-to-end encryption: End-to-end encryption ensures that no third party can access your video call and the information shared in the call will be only within the participants’ reach. Use video calling apps (e.g., WhatsApp, Google Duo, Signal, etc.) that provide end-to-end encryption to ensure your privacy and security are not compromised.
· Ensure the software is updated: Older versions of applications usually have vulnerabilities that attackers can exploit. Always update video conferencing apps to the latest version to secure your conversations. Newer or updated versions will have fixes to the vulnerabilities that exist in older and outdated app versions.
· Lock the meetings once all participants join: Lock your meetings after all intended participants have joined. However, allow those who had to drop the call for some reason so that they can join back.
· Leverage the waiting room feature in the video calling software: The waiting room feature makes participants (who want to join the call) wait unless they are admitted by the host. Use this feature to avoid unwanted people from joining the call by admitting only those who are authorized. Also, allow each attendee to speak in the beginning of the call to detect any unknown attendee.
· Get familiar with the settings of the app/software: Before utilizing any video calling platform, go through all the settings, your user profile, and other options. This will help you to get yourself familiar with the features of the app, which allows you to use it securely.
· Use extra privacy features: Check if the app has any privacy features in addition to the general settings. If you find some extra privacy features supported by the app, utilize them to ensure maximum security while using the app for online conferencing and video calling. For example, you can control settings whether users can find you via your mobile number/email on Skype.
· Download apps from an official App store only: Ensure that you download applications from trusted app stores only. Before downloading an app, always check for its reviews and developer details to avoid downloading a fake app that resembles the app you want to download.
· Enable MFA: Enable the multifactor authentication (MFA) feature for all your online accounts and devices. Even if attackers know your login credentials for your device or accounts, this feature will prevent them from logging into them and performing malicious actions.
· Only chat with people you know: When you use any online platforms, especially video calling apps, it is recommended to only chat with users you already know. Avoid chatting with unknown users as you may not know their intentions.
· Avoid the recording of meetings: Ensure that no attendee/participant of an online meeting other than the host can record the meeting. Enable alerts that notify you of the participants who secretly started recording the meeting.
· Do not provide too many permissions to the app: Allow only required permissions to the app. Deny all unnecessary permissions to secure your information and device from various threats. For example, do not allow permission for sharing your data with third parties or advertisers, claiming to improve your user experience.
· Limit using video calls if not required: Use audio calls when video calls are not necessary. This will not only save your internet bandwidth but also prevent the users on the call to know more about you and the things around you. This ensures a higher level of privacy. Use a virtual background if you need to make video calls.
· Exercise caution while using public Wi-Fi: Public Wi-Fis are convenient not only for users like you but also for hackers who want to break into your devices/accounts to steal information. This is because public Wi-Fi systems do not require any authentication for establishing an internet connection, allowing attackers easy access to unsecured devices that are connected to the public Wi-Fi network.
· Avoid giving mobile phones to unknown people: Never give your mobile phone to any unknown person because this may allow hackers to install malicious apps that steal your personal information or cause damage to your device.
· Avoid reusing the meeting IDs: Reusing the same meeting ID repeatedly for sessions is convenient for the host but it also helps attackers to get into the meeting sessions and perform their malicious actions.
In today’s world, online video conferencing and video calling are essential for people belonging to all walks of life. Since using video calling apps cannot be restricted, users will have to become more careful about the security and privacy risks associated with these apps and implement security measures to ensure they use these apps securely to reap the maximum benefits. The above-mentioned security measures will even help you protect against most online scams like WhatsApp scams that are prevelent these days.
