Video conferencing apps: beware of risks!

The global pandemic has forced us to rethink our habits and lifestyles, including personal and working relationships: in this sense, technology has not been unprepared, allowing us to effectively provide for the lack of physical contact between individuals while maintaining the social measures of distance adopted by national governments. Among the most popular tools are undoubtedly the video conferencing apps, some of them are recording a real boom among users of all ages, thanks to the extreme versatility and simplicity of use, ranging from remote working to e-learning.
In the United States, where such services are particularly popular among adolescents, the Future of Privacy Forum, the observatory that also aims to analyze the impact of mobile applications on user privacy, (as well as author of an interesting study published last April concerning the effectiveness of applications in the fight against the epidemic) warned about some clauses present in the terms of service of some of the most popular apps , which would seem to exploit the data collected for direct marketing purposes as well.
In fact, the recent news, published in the American magazine Motherboard, of a software present within a well-known conference call service that in the version for IPhone would allow the sending of user data to third-party services such as Facebook, but then be later removed as a result of the community riots.
There is also another aspect related to the operation of the application that has pointed out many critical issues on the cybersecurity side, stemming mainly from the lack of a sandbox environment that has allowed the achievement of very deep levels in the target operating systems, to the point of allowing webcam remote control without the user’s consent; moreover, the failure to provide end-to-end encryption mechanisms and the system used for naming files allowed thousands of recordings to be traceable on the web, which most often contained confidential information or sensitive user data.
However, it is on the protection side of the most vulnerable people, such as minors, that the greatest concerns have been expressed, given the possibility of using these apps to host live lessons, to the point of forcing some countries to ban their use of them to teaching staff.
As if that weren’t enough, to fuel doubts and concerns about the security of conference call apps were added to the obvious breaches in the program that allowed the screen sharing feature to be used to spread child pornography or anti-Semitic content by some hackers during conferences or school learning sessions.
This prompted the New York Prosecutor, Letitia James, to ask the software company directly for clarification on the categories of data collected, as well as the purposes and third-party companies to which they were sold, though concerning minors.
For its part, the company reiterated compliance with U.S. federal laws governing the protection of personal data in education and school, having committed to make subsequent changes to its terms of service and privacy policy, as well as releasing a security patch to solve vulnerabilities on Windows systems caused by interaction with social networks such as LinkedIn.
Other applications were used to take over all the corporate accounts of a local network through an email to which a GIF image file have been attached, it contained a malware able to spread itself to all the victim’s contacts: again, a patch was required to remedy the vulnerability.
Given the objective non-compliance of this type of application with GDPR requirements and waiting for a ruling of legitimacy by the European Data Protection Authority, specific precautions should be taken, even though, as we have seen, almost all conference call applications have proved vulnerable.
In particular, you should use strong passwords as well as provide extensive controls of the participants at each meeting by the hosts without the possibility of entry to foreign or unauthorized people.
Of no secondary importance, as outlined above, is also the limitation of the screen sharing function in order to prevent the sharing of sensitive or even illicit data or content.