As COVID-19 continues to spread at great speed across the globe organisations and governments are advising staff to work from home where possible in an attempt to reduce infection rates. Luckily for most of us there are many tools available to make the transition much easier than it would have been even 5 years ago. The increase in popularity of video conferencing apps have been well publicised, however, along with this growing popularity, there has been a surge in security risks associated with chosen video conferencing tools.

According to App Annie, business conferencing apps have been experiencing record growth, hitting their biggest week ever in March, when they topped 62 million downloads. Affordability and ease-of-use are reported to be the biggest factors when choosing video conferencing apps. It could be argued that organisations are neglecting a key requirement, namely, how secure they are when handling user data and information. More than ever confidential information is being communicated across these communication platforms, therefore, it should be the main priority that no malicious actors are able to intercept such interactions.

Jake Moore, a cyber security expert working with antivirus provider ESET, suggests utilising other end-to-end protected video channels to ensure privacy. “For social and light business meetings they are fine as long as users realise what data is being shared by Zoom to third parties,” he says. “I certainly wouldn’t recommend using free software for sensitive or private meetings.”

Organisations which offer a product for free or nearly free are generally commercialising the product at the back-end by selling your meta-data to interested third parties. Why did Facebook buy WhatsApp?

What video softwares has been compromised so far during Covid-19?

Zoom

Zoom has been around for 9 years now and is known as being one of the leading easy to use video conferencing tools on the market. It is a cloud-based video conferencing service which is used to virtually meet with others, either by audio or video. It is also possible to record the sessions to view later. The Guardian states that it is the third most popular paid for app in the Apple app store.

However, according to research by consumer advocacy organisation Consumer Reports, Zoom’s privacy policy outlines some rather concerning data collection practices from users and meetings. In an article by The Register they claim that Zoom can extract data to work with Google and other ad networks to turn personal information into targeted ads that follow them across the web. This is similar to that of Facebook, however, the sensitivity of data obtained far exceeds the typical name and address. Zoom goes one step further and obtains “cloud recording, instant messages, files and whiteboards, all of which are shared with using the service.” The gathering and post-processing of such information is a big challenge when used for business purposes.

Furthermore, users should not only be worried about Zoom stealing their data, but also malicious actors. On the 31st of March, the FBI warned users that hackers have been hijacking video conferences and online classrooms, now known as ‘Zoombombing.’ This is mainly due to the fact that default settings of the service are configured in the expectation of trust between users, therefore, meaning hackers can wreak havoc. Zoom, of course, denies that its software is insecure, claiming that they take user security “extremely seriously.”

WhatsApp video calls

WhatsApp is one of the most popular at platforms being used by over 1.6 billion users, making use of messaging, voice and video calling features. Over the last two months, both voice and video calls are at double their volume and are well beyond the app’s traditional annual peak already. According to CNET, WhatsApp voice and video calls have more than doubled year-over-year in places most impacted by the virus.

While it is very popular in both businesses and people’s day to day life, there are still risks associated with its use. Firstly, it has been noted that a video hoax which first emerged in 2016, has re-emerged to exploit user’s data and privacy during this global pandemic. The hoax involves a video being sent by an individual called “Martinelli,” claiming that it is capable of hacking and wiping a users smartphone, with ‘nothing being able to fix it.’ WhatsApp have responded claiming that it is a scam, but advises users to be wary of receiving messages from people they do not know.

Furthermore, cyber security experts have been warning users that hackers are targeting WhatsApp users by blocking their accounts by simply sending a message with a 6 digit code attached, in an effort to trick victims into parting with cash. Once the code is sent, hackers are given the password they need to unlock a user’s WhatsApp account and therefore, steal confidential user data.

House Party

As a pure consumer app Houseparty has emerged as a viral success, allowing people to stay in touch with one another during the Coronavirus lockdown. In the last two months, there has been a surge in downloads from 130,000 downloads a week in February, to more than 2 millions downloads a week in March, according to data from Apptopia. The Financial Times has further claimed the app now ranks number one in the Apple app store in 17 countries. The app allows video calls to be conducted with the users contacts in what’s designed to feel like a virtual houseparty. As popularity has risen, so too have the concerns around security. On Tuesday 31st March, reports emerged about potential hackings. Many users were using twitter and other social media accounts, to voice their concerns claiming some of their social media accounts have been compromised. Accounts such as: PayPal, Spotify, Facebook, Instagram, Netflix and many more.

Such allegations have resulted in many users encouraging people to delete the app now. Paul Ducklin, a researcher from cyber- security company, Sophos, stated that Houseparty is “a rogue app actively breaking into every part of digital life.” There are numerous privacy concerns. For example, when using the app, users can choose whether they want their accounts to be private or not, this available option has the potential to cause serious security risks. Furthermore, there has been controversy that users have the ability to screen record private video chats without the other participants knowledge. So whether your account is private or not, users are still at risk of insecurities.

Houseparty continues to deny any claims that user’s data has been compromised and insist their app is ‘safe and secure.’ However, on the 31st of March they tweeted that they are “currently investigating that the recent hacking rumours were spread by a paid commercial spear campaign.” The US firm’s owner, Epic Games, is now offering a $1 million bounty reward for the first person who comes forward with proof of such a campaign.

How Salt Communications can protect you during this time of uncertainty

Many companies are implementing quick solutions that allow video conferencing to render virtual meetings that keep productivity high, while others opt to postpone a meeting instead of making sensitive decisions using untrusted methods, like those video conference options shared above. The reality is that as the Covid-19 crisis deepens increasingly sensitive meetings will need to take place as more and more companies are forced to keep moving or perish. There is a safe solution.

For several years Salt Communications has been working closely with clients who need precisely this, a platform that guarantees full privacy for users that choose to make critical choices without being in the same place. Many global organisations utilise Salt Communications to protect trade secrets and other sensitive, strategic and proprietary content.

“There are numerous security concerns associated with many video conferencing tools that have been deployed in a rush to maintain productivity during this crisis. These products present new opportunities to adversaries and criminals and have the potential to cause great damage to an organisation if critical information is hijacked. At Salt Communications we offer organisations a highly secure communication platform which frees them to make important decisions without being in the same room or the looming threat of security risks. Our customers pay to use our system which means that we don’t need to commercialise your sensitive information to give us income. Our aim is to offer ‘peace of mind’ for organisations at this time of great uncertainty” stated Salt Communications’ CEO, Joe Boyle.

To keep this sensitive content safe and protected and to move your business forward in this challenging period, you can deploy Salt Communications to any decision maker inside your organisation TODAY.

For more information on this article, or to talk to a member of the Salt Communications team, please contact info@saltcommunications.com.

About Salt Communications

Salt Communications, ranked in the top half in the Cybersecurity 500, provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The Salt Communications Desktop and Mobile apps are intuitive and easy to install and use. Salt Communications’ Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. Salt Communications is headquartered in Belfast, Ireland, for more information visit saltcommunications.com.