Black Basta Team and double extortion ransomware attacks

Protect smartphones and tablets from cyber risks: the mobile security

 View all
CRYPTOGRAPHY

Videoconference and security

In a historical moment in which virtual meetings are becoming the main means of communication, both in the workplace and in the school environment, it is necessary and essential to be able to use these programs in a safe way.

The needs exposed by the COVID-19 pandemic have forced more and more workers to take advantage of videoconferencing programs to continue their work activities.

During this time, there have been numerous incidents that have shown various vulnerabilities and security holes in some of the most used video call programs.

It is extremely important to stop and think on which are the safest platforms and the behaviors that users should implement, to prevent intrusion into their privacy or the loss of their data, and avoiding the risk of becoming victims of wiretapping.

 

Secure videoconference

Cybersecurity is now an essential skill to protect yourself from the network dangers.

Human evolution cannot ignore the acquisition of these notions of cybersecurity, especially at a time when new methods of virtual work and collaboration lead us to use personal devices and connectivity.

Here are some precautions aimed at the safe and less risky use of meeting platforms.

For all users

  • Check for updates: when security problems arise in a program, these are resolved in subsequent updates, through the distribution of patches or the implementation of new functions.
  • Check your privacy settings to make sure you are not providing any data you do not want to share.
  • Do not post meeting links on public platforms or social media. This would make it very easy to access the call, even for unauthorized people.
  • Be sure to familiarize yourself with the platform features and settings, to be able to secure and protect the virtual space used.
  • Avoid file transfer: particular attention must be paid to sharing documents, especially if sent by users who do not know each other
  • Use randomly generated IDs: using your own personal meeting ID could make it easier for unwanted users to break in. It is recommended that you use a randomly generated ID.
  • Two-Factor Authentication: it is recommended to use this as an additional security measure.
  • Attention to the webcam: in general, to preserve your privacy, it is advisable to keep the camera off unless it is necessary or hide the details of your work room, activating the background options (such as the one that allows you to blur the view).

For the organizers

  • Set a password: the simplest way to prevent intrusion and hijacking is to set a password for your video conference.
  • User authentication: when creating a new event, you can choose to limit participation for only pre-registered or pre-invited users.
  • The “Waiting Room” option, if present, allows the call organizer to validate the participants before they access the meeting.
  • Lock the virtual meeting room: this option allows you to “close” the meeting, once all the participants have arrived. This option is used to prevent the participation of unauthorized users, even if the meeting ID or other login details have been disclosed.
  • Remove participants: unwanted users can be kicked out of the meeting. You can also decide to permanently exclude them, prohibiting them from accessing the call.
  • Block the participants: by muting their audio or disabling their webcam, in order to improve the connection, reduce noise and prevent interference.

 

Questions about videoconferencing security

Here are some questions that often arise when using a videoconferencing tool that can guarantee confidentiality and security of communications.

Does it have end-to-end encryption (E2EE)?

It is a type of encryption that secures communications so that they can only be seen by the users involved, and that no one can intercept them, not even the app itself.

Can video calls be intercepted and recorded by third parties?

Can anyone spy on the call and potentially record it? Who can join the call and how?

How is your account data used?

To what extent are regulatory frameworks such as the European GDPR or the California Consumer Privacy Act respected? How transparent are apps with their users about the data they collect and the third parties who have access to it?

Where is the data associated with the app stored?

This is especially important when handling private information and documents.

Is it possible to inadvertently download malware that can lead to breaches?

For example, can users inadvertently download apps that gain access to the camera and microphone? The app or malware could then reveal personal information to a hacker, who could then resell it.

 

Antares: Telsy’s videoconference tool

The growing demand for videoconferencing solutions, combined with the consequent increase in the risks associated with the security of communications that pass through it, highlight the need for a solution focused on guaranteeing the security of the exchanged contents.

Antares is the Telsy’s proposal: a web conference platform that uses asymmetric encryption protocols to ensure participant authentication.

Antares is a solution developed to allow simple and quick configuration for any environment of use, ensuring security levels superior to any other video conference solution.

In fact, the cryptographic keys are held and managed exclusively by the owner of the facility, without external mediation.

Antares also allows, as an additional layer of security, the application of end-to-end encryption where the cryptographic keys are available only to the participants of the call in progress, definitively restricting the vulnerability surfaces against sniffing attacks and the like.

 

Antares functionalities

Here are some of the main features and functionalities of the Antares video conferencing solution:

  • Full control of the infrastructure and information through distribution on a hardware platform dedicated to the Customer and installed on-site;
  • Possibility of videoconferencing with mixed traffic (traffic from internal network, traffic from external network, traffic from both internal and external network);
  • Monitoring of the platform by sending logs to SIEM (syslog) or Stack ELK;
  • Prevention of network intrusions through centralized user registrations management;
  • Password management according to IAM best practices;
  • Dashboard with platform statistics;
  • Management dashboard for managing users and rooms;
  • Videoconferences with no time limits and up to 50 participants;
  • Use of WebRTC technology;
  • Ability to activate end-to-end connection encryption mechanisms to ensure maximum privacy and communication security;
  • Multi-factor authentication support;
  • Most common features of videoconferencing systems.

 

Find out more about Antares and our other Secure Communications solutions.

1