About Thawte

News

Malware threat vectors: Securing videoconferencing systems

Back in 2011, when videoconferencing platforms such as Skype were just starting to take hold, security researchers discovered that just like with many emerging technologies, cybercriminals were using them to spread malware.

According to Naked Security, at the time Facebook had recently launched a video chat service supported by Skype. However, hackers were leveraging the new capabilities for a scam to gain access to users' friend lists and other personal information.

This was by no means that last time a videoconferencing system was attacked. After the Facebook scam, security researchers discovered serious weaknesses in a number of widely-utilized enterprise-level videoconferencing platforms, eSecurity Planet reported.

"According to … researchers HD Moore and Mike Tuchen, those vulnerabilities could allow attackers to eavesdrop on confidential meetings. read documents sitting on a conference room table, or even zoom in to record keystrokes (such as passwords) typed by meeting participants on their laptops," eSecurity Planet contributor Jeff Goldman wrote.

Taking steps to prevent privacy invasion over videoconferencing systems
For this reason, and as companies rely on their videoconferencing platforms more and more, decision makers must work to ensure these systems are adequately protected. Often times, meetings held over this technology include the discussion of increasingly sensitive material, especially as users leverage them to connect with far away partners, clients or other groups.

Security experts told eSecurity Planet that one of the first mistakes organizations make in securing their videoconferencing systems is placing the platform directly on the Internet, without implementing a firewall or other security layer.

"A large portion of videoconferencing equipment is connected to the Internet without a firewall and is configured to automatically answer incoming video calls," security researchers stated. "This allows a remote intruder to monitor both audio and video information, often with little or no indication to the target."

In addition to a firewall, administrators can set up user profiles including authentication credentials for each approved employee. In this way, decision makers can better monitor access to the system and ensure that there are no unauthorized third-party connections.

Computer Weekly contributor Michael Cobb also suggested utilizing encryption to protect discussions over videoconferencing platforms pertaining to highly sensitive information. Encryption, such as that available through an SSL certificate, can safeguard data while it is in transit, including sound and recorded images.

Once protections have been put in place, administrators should craft an acceptable use policy so that employees are aware of the security measures, as well as activities that are allowed on the platform.

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

We have updated our Privacy Policy which can be found here.

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?