Safe and Sound: What to Look for in a Video Conferencing Security Features

For enterprises, IT professionals, and businesses, choosing a video conferencing platform can be challenging. Since Covid-19, there has been a proliferation of video conferencing services and platforms on the market. Selecting one with the best security features is crucial in protecting your employees, sensitive data, and other information.

So how do you make the right choice? First, make sure security tops your list of features. Since the pandemic, numerous reports of Zoom bombing and other attacks on virtual conference rooms have surfaced. The threats are real, and a security-deficient video conferencing platform can have devastating implications for your business.

To help you with your research and to facilitate an informed choice, the following are some security features and characteristics to look for when selecting a video conferencing service.

Zero-Trust is an approach to cybersecurity that secures a business by eliminating implicit trust to continuously validate every stage of a digital interaction. For example…Don’t trust a service that does not embrace a Zero-Trust.

A robust platform should encrypt all communications, protecting the information exchanged during the meeting. This extends to video, audio, chat, and screen sharing. Information about the meeting, including the meeting topic, date and time, and participants, should only be accessible by authorized participants. At rest, the information needs to be stored with encryption.

Does the platform offer a meeting services infrastructure? This means a business will have complete control over where the metadata is stored and where business communications are routed across all employee meetings.

A secure platform locks down meeting links, only making links accessible by authorized and authenticated participants to whom the meeting host has access.

If an unauthorized participant tries to access a meeting, they should be automatically blocked from joining, making it appear as if the meeting does not exist. They should not have access to the meeting topic or participants through the meeting link itself. With most existing commercial platforms, uninvited participants can get to a meeting waiting room where the onus is then on the host to filter out unwanted participants.

Does it come with a licensing feature? With a licensing requirement, entry into the virtual conference room is fully controlled. Each business or organization can then manage employees that are licensed, allowing them to create, join and participate in business-related meetings. This offers an additional layer of security and control for managing the room.

Through your video conferencing service, you should be able to invite trusted partners, contractors, clients, and customers to take part in meetings. However, these external stakeholders should only be able to join meetings or meeting rooms when added as participants. They should have limited visibility into employees within your organization. A secure platform enables collaboration with external stakeholders while offering security and protection over confidential or internal meeting discussions.

Does the service allow you to schedule meetings around a topic for a specific date and time with a select group of participants? Can you easily change the meeting participants or adjust the date and time as plans or discussion topics change? An agile service also allows you to quickly view your upcoming meetings schedule and securely join a scheduled meeting with a single click.

During your search, you will probably check out Zoom, Webex, Teams, and Google Meet—four of the most popular video conferencing services on the market. Most popular, yet each has flaws and security issues that could lead to a potential attack or breach. Here is a look at some of the vulnerabilities of each service.

On Zoom, meeting links are accessible by unauthorized and unauthenticated participants. Anyone with a link can join the meeting or enter the waiting room. The waiting room gives a false sense of meeting security, leaving it up to the host to filter out unwanted participants. In addition, there are only 10 licensed users with a Zoom Pro account.

Security researchers have discovered four separate vulnerabilities in Microsoft Teams that could be exploited by an attacker to spoof link previews, leak IP addresses and even access the software giant’s internal services.

Of the four bugs Bräunlein found in Teams, two can be used on any device and allow for server-side request forgery (SSRF) and spoofing while the other two only affect Android smartphones and can be exploited to leak IP addresses and achieve Denial of Service (DOS).

By exploiting the SSRF vulnerability, the researchers were able to leak information from Microsoft’s local network. Meanwhile the spoofing bug can be used to improve the effectiveness of phishing attacks or to hide malicious links.

The DOS bug is particularly worrying as an attacker can send a user a message that includes a link preview with an invalid preview link target (for instance “boom” instead of “https://…”) to crash the Teams app for Android. Unfortunately, the app will continue to crash when trying to open the chat or channel with the malicious message.

Cisco Webex Meetings and Cisco Webex Meetings Server contain a vulnerability that allows an unauthenticated and remote attacker to redirect users to a malicious file. It’s caused by improper validation of URL paths in the application interface.

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server allows an unauthenticated, remote attacker to bypass security protections. This is caused by unsafe handling of shared content within the viewer feature.

Cisco Webex Meetings Desktop App, Cisco Webex Meetings Server, Cisco Webex Network Recording Player and Cisco Webex Teams contain a vulnerability that allows an authenticated, local attacker to perform a DLL injection attack on your device. A DLL injection basically fools an application to call a malicious DLL file, which then gets executed as part of the attack process.

Security researchers have recently pointed out a vulnerability in Google Meet URL redirection feature that can lead users to spoof domains and become victims of cybercrime.

When a link is posted in personal messages over Google Meet, they appear as a Google Meet link, which eventually takes the users to their desired URL. This is where things can get easier for the cybercriminals to lure the users using this URL and make them a target of a phishing attempt.

Google does not provide any two-factor authentication for this process and it is completely accessible by a simple click on the generated link.

There is a rising demand for video conferencing. Right now, the video conferencing market is projected to be worth around $24.4 billion by 2028, as countless businesses and enterprises pivot to video as a way of connecting and collaborating remotely. But to leverage the true power of video, you need to choose the platform with the best security features.

Diffusing Zoom bombing and other destructive threats has never been more critical for businesses. Without secure video conferencing, the consequences can be dire. Zoom bombing and other attacks can significantly harm your good name, company, reputation, and financial bottom line.

Unsure where to turn? We have a solution: War Room. Developed by VirnetX, War Room provides secure video conferencing with a comprehensive security posture to prevent cyber attackers from accessing critical and sensitive information. To read more about War Room, register to download our white paper, then contact us today. We can make your choice an easy one.

VirnetX Holding Corporation is an Internet security software and technology company with patented technology for secure communications, including 4G LTE and 5G security. VirnetX’s software and technology solutions, including its secure domain name registry and Gabriel Connection Technology™, are designed to facilitate secure communications and to create a secure environment for real-time communication applications such as instant messaging, VoIP, smartphones, e-readers, and video conferencing. The Company’s patent portfolio includes over 200 U.S. and foreign granted patents, validations, and pending applications. For more information, please visit www.virnetx.com