Security

How Secure Is Skype and Other Video Conferencing Tools?

Georgina Torbet 05-02-2020

Video conferencing software is handy for everything from talking to family members who live far away to setting up big international work meetings. But some of the software used for conferencing may not be as secure as you think it is. There are a number of security vulnerabilities to be found in conferencing software like Skype.

Advertisement

Vulnerabilities in Skype

Video Conferencing Security - Vulnerabilities in Skype

Skype is one of the most popular video conferencing tools for both personal use and for business communications. And now the app is owned by Microsoft Microsoft Launches Skype 8.0 for Desktop Microsoft has released a new version of Skype for desktop, and this one looks and feels just like the mobile version of Skype. Read More , one of the largest technology companies in the world. So you might assume that it is without security issues. Unfortunately, that’s not the case.

In 2018, a researcher disclosed a security vulnerability which allowed malware to change users’ computers via the Skype update mechanism. If hackers were able to take advantage of this vulnerability, they could run code which allows them full access over Windows PCs which had Skype installed. Hackers could have installed software, stolen data, or spied on users.

Fortunately, Microsoft had identified and patched this issue before the reports emerged. In a post on the Microsoft support forums, a member of the Skype team said that this issue only affected Skype versions 7.40 and lower. “The issue was in the program that installs the Skype software—the issue was not in the Skype software itself,” she said in the post. “The installer for the current version of Skype for Windows desktop (v8) does NOT have this issue, and it has been available since October, 2017”.

The good news in this case is that Microsoft patched the issue before the public became aware of it. However, take this as a reminder about how important it is to keep your software up to date.

Advertisement

Vulnerabilities in Zoom

Video Conferencing Security - Vulnerabilities in Zoom

Another popular video conferencing option, especially for businesses, is Zoom. But this too has had its share of security issues.

Mac Local Web Server Vulnerability

In 2019, security researcher Jonathan Leitschuh announced a vulnerability he had identified in the Zoom app for Mac. The exploit used the local web server which runs in the background to enable Zoom to function on Mac. That local web server had vulnerabilities which allowed hackers to interact with it through websites. It could even turn on users’ cameras without their permission. Leitschuh warned that hackers could use the vulnerability to turn on cameras to gather information for phishing attacks.

Strangely, at first Zoom responded in a blog post by essentially denying that this was a problem. The company said that it had released a fix but “we did not force our users to update because it is empirically a low-risk vulnerability.” They also went on to criticize the researcher for the way he disclosed the vulnerability. In some ways this behavior was more worrying that the vulnerability itself. Security issues happen to practically every software company, but companies should be proactive in protecting users when concerns come to light.

Advertisement

Zoom eventually walked back from their position, saying, “we misjudged the situation and did not respond quickly enough”. They released an update to the Mac app which removed the local web server and fixed the problem. They also pledged to improve their bug bounty program to hopefully avoid problems like this in future.

Spying on Meetings via Meeting IDs

Another Zoom vulnerability was disclosed by Check Point Research in January 2020. The firm discovered an issue with the way Zoom assigns Meeting IDs. These IDs are strings of nine to 11 digits which designate a virtual room for participants to meet in. It is possible to also set a password for meetings. But if hosts don’t set a password, the Meeting ID is the only thing keeping the meeting private.

Check Point discovered they could randomly generate Zoom Meeting IDs. Then they could quickly check whether these IDs were valid. In the end, they were able to predict around four percent of randomly generated Meeting IDs. With these Meeting IDs, the researchers were able to access meetings which should have been private.

The good news here was that Zoom seemed to have learned from their previous mistakes regarding security. When Check Point disclosed the vulnerability to Zoom, Zoom quickly took action to fix it. They brought in protections like adding a password to future meetings by default.

Advertisement

Zoom also changed their system to make it harder for outsiders to tell if a Meeting ID is valid or not. Finally, they block devices which repeatedly scan for Meeting IDs.

These changes should make it much harder for any hackers to view Zoom meetings they shouldn’t.

Vulnerabilities in Webex

Video Conferencing Security - Vulnerabilities in Webex

One more video conferencing option you’ll see used in the business world is Cisco’s Webex Meetings Suite and Webex Meetings Online sites. This software had its own vulnerability disclosed in January 2020 as well. The vulnerability allowed an unauthorized person to join a meeting which should have been password protected, even when they did not have the correct password.

Advertisement

The vulnerability took advantage of an issue in the Webex mobile app, when a user clicks on a weblink to a meeting. The browser then directs the app to open. The unauthorized user could sneak in at this point.

In this case, Cisco disclosed the vulnerability themselves. The company also said it has fixed the bug and that no update of software is required.

How to Secure Your Video Conferencing Software

With all these vulnerabilities, it’s not easy to be completely sure that your video conferencing software is secure. But there are some steps you can take to improve your video conferencing security:

Alternative Video Conferencing Software

Any type of software can be vulnerable to security issues. If you want to try something different to mainstream conferencing software like Skype, check out our list of the best free Skype alternatives Sick of Skype? 7 Best Free Skype Alternatives Skype alternatives can free you from mediocrity and greatly improve the video chat experience. This article covers eight options. Read More .

Related topics: Online Security, Skype, Video Chat, Video Conferencing, Zoom.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. PC_2020
    February 19, 2020 at 6:02 am

    Skype and most of other video conferencing tools are hosted services. For better video conferencing security, one can use on premise solutions like R-HUB HD video conferencing servers. It works from behind the firewall, hence better security.