Workshops, educational lectures, seminars, exams and tests, and communication with relatives and friends – all this is now carried out using some video conferencing platform. Such special programs and applications provide video communication with several subscribers at once, who are sometimes located at a considerable distance from each other.
Demand creates supply, and dozens of stand-alone video services and features built into pre-existing applications have entered the market. Each of them has its advantages and disadvantages; vulnerabilities are found in them from time to time, and the use of video conferencing software is associated with certain threats. Let’s try to figure out what these threats are and how to avoid them.
Table of Contents
Threats When Using Video Conferencing Services
The main goal of cybercriminals on the Internet is to steal money and personally identifiable information of users. To achieve this, they are constantly coming up with new tricks to deceive users and ways to distribute malicious software.
Stolen data can be used for social engineering attacks or extortion. There were cases when records of psychotherapy sessions, consultations with a doctor, and meetings of companies at which financial statements were discussed were in the public domain. Once in the hands of an attacker, such information can be used for personal gain.
Below, we will consider the types of video conferencing attacks.
Leakage of personal data from the video conference application
One of the reasons for data leakage may be existing vulnerabilities that allow an attacker to intercept the session and gain unauthorized access to the credentials of both the application itself and the device on which it is installed. Another reason for data leakage may be the use of weak or the same passwords as on other services.
Leakage of personal data during or after a communication session
There are several reasons leading to data loss:
- It is the unreasonable behavior of the user, showing more data than they should. For example, when screen sharing is enabled for other conference participants, documents open on the screen, browser tabs, and even file names can contribute to the leak.
- Lack of control over the conference participants. The conference administrator needs to monitor the participants connecting to the communication session to prevent the presence of unfamiliar and unauthorized persons.
- Unreliable encryption of transmitted data and records of communication sessions or its absence at all.
Recommendations for Secure Video Conferencing
Download apps only from trusted sources: the manufacturer’s website or official app stores. The user account must be protected by a strong and unique password, and it is better if multi-factor authentication is enabled.
After installing the application, set restrictions on its access to personal information contained on the device: contacts, photos, calendar entries, microphone, camera, etc.
Check your privacy settings:
- Make sure you understand what data will be available to other users during a video session (voice, text, video, files, device screen, etc.) and whether there will be recordings of the session after it ends. It is better to limit the transmission of unnecessary data in the application settings or completely prohibit the exchange of data.
- Each video communication session must be password-protected, that is, any participant who is not authorized in the service must enter a password to connect.
- Do not publish in the public domain (for example, on social networks) the link to the video conference and the password to connect to it.
- Make sure the link to the video conference is from a trusted source. Do not click on links received from senders you do not know.
- Set up the admission of participants from the waiting room to the main chat only with the approval of the administrator.
If your communication session involves the exchange of files or confidential information, determine how much you trust a particular video conferencing service. Many of them declare the function of end-to-end encryption of information, although, in reality, this turns out to be not true, and the data is decrypted on the company’s servers.
Before a video call, make sure with a test video call that your device’s camera lens is not capturing anything that you don’t want to share with others. Take advantage of the background blurring or replacement feature that some video conferencing services offer.
During a work meeting, mute your microphone and video camera when another participant in the video conference is speaking. Don’t forget to leave the conference after it ends.
Update your device’s operating system and video conferencing applications to reduce the risk of exploiting vulnerabilities. At last, use an up-to-date antivirus. Use it to check all files received from other users before opening them.