ShpilbergStudios - stock.adobe.c
Under the spotlight, video apps rush to strengthen security
Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement
With widespread attention focused on the likes of Zoom and other unified communications and collaboration (UCC) applications during the Covid-19 coronavirus pandemic, the sector is moving to address privacy and security problems more quickly than is typical in the industry, according to a new report from Mozilla.
The report, Privacy not included, said that a combination of fierce market competition and heightened scrutiny by the general public, the industry and the media was spurring UCC firms to innovate faster.
“With a record number of people using video call apps to conduct business, teach classes and catch up with friends, it is more important than ever that this technology is trustworthy,” said Ashley Boyd, Mozilla’s vice-president of advocacy.
“The good news is that the boom in usage has put pressure on these companies to improve their privacy and security for all users, which should be a wake-up call for the rest of the tech industry.”
Mozilla said that Zoom, in particular, had acted quickly to tackle its privacy and security problems, partly due to the vast range of other options poised to steal away its traffic, something Mozilla rarely sees with companies like Facebook, which lacks proper competition and so has no incentive to improve when called out on privacy issues.
Mozilla’s researchers reviewed 15 popular video apps and platforms – many of which have seen a surge in usage during the pandemic. Among other things, they assessed privacy policies, dissected app specifications, and looked at critical areas such as third-party data sharing.
They concluded that 12 out of the 15 services met Mozilla’s minimum security standard – which means they use encryption, provide automatic security updates, require strong passwords, manage security vulnerabilities using penetration testing or bug bounties, have clear points of contact for reporting security issues, and have clear privacy policies.
Three of the 15 did not meet these standards – Discord, Doxy.me and Houseparty. Those that did were Apple Facetime, BlueJeans, Cisco WebEx, Facebook Messenger, Google Hangouts, GoTo Meeting, Jitsi Meet, Microsoft Teams, Signal, Skype, WhatsApp and Zoom.
“Our research reveals there is still much work to do,” said Boyd. “Even though most of the services met our minimum security standards, many of them could still pose risks that consumers need to be aware of. We want to make sure that all videoconferencing apps have basic security and privacy features built-in to protect all users.”
Read more about videoconferencing security
- Videoconferencing tools are a remote worker’s lifeline. As such, it is essential to maintain their security. These eight best practices will help ensure secure, private video-enabled meetings.
- Hybrid cloud provides several benefits to a business. But hybrid cloud video security shouldn’t be taken for granted. Learn what four areas should be considered.
- With more people working from home and collaborating via online meetings, videoconferencing security among vendors and users has been thrust into the spotlight.
All the tested apps used some form of encryption, but very few used true end-to-end encryption, which means nobody not on the call can access its content – these were Apple FaceTime and Signal. Others tended to use client-to-server encryption, which means data is only encrypted in transit and once it has arrived on a company’s servers, it is readable.
The report builds on Mozilla’s manifesto and its research and advocacy work, which focuses on holding tech companies accountable for the security of their products, and giving consumers the information they need to take control when it comes to safeguarding their privacy and security. The full report can be read on its website.