To get a better sense of how the video conferencing industry has developed over the last year, and why many of the most utilized services are susceptible to cyber-attacks, I spoke with George Waller, co-founder and EVP of StrikeForce.
By: Gary Drenik Contributor
George Waller has spent over two decades working in the tech industry focusing on security and building computer systems. Strikeforce helps prevent hacking and data breaches, and the company recently rolled out its new video conferencing service (SafeVchat) to give businesses cyber level protection during virtual meetings.
As the business world continues to be totally reliant on digital communications tools, the survey data you’ve sourced on how consumers feel about the value of their personal information, and their views on current video conferencing options is fascinating.
Gary Drenik: What are some of the vulnerabilities that affect existing video conferencing platforms, and what type of havoc are hackers able to wreak as a result of them?
George Waller: The past year has had profound effects on the way people live, work, and particularly how we communicate with one another. Our daily routines are now inexorably linked to digital communication and collaboration tools. Many businesses have had to overcome these challenges associated with remote work and rely heavily on video conferencing tools like Microsoft Teams, Zoom, WebEx and other platforms to solve their immediate problems and keep operations moving forward. Yet it’s baffling that none of these widely used solutions have been engineered with security in mind. Vulnerabilities have consistently been a multi-tiered danger for all of these services due to poorly designed architectures, and a lack of strong authentication controls and a fundamental understanding of cyber security.
Virtual meeting solutions are now broadly used across the marketplace in sectors like banking, education, insurance, healthcare, and government for sharing sensitive data, IP, and classified information. Hackers today have become much more sophisticated and can easily bypass anti-virus software and implant malware to exploit computers or the desktop client software that most conferencing platforms use. Once that malware has compromised a user’s computer, hackers are able to wreak havoc by being able to steal video and audio streams, keylog a user’s keystrokes, steal clipboard information and take unwanted screenshots.
As the work dynamic continues to shift and these services become increasingly implemented around the world, businesses need to be aware of these inherent dangers and develop best practices for securing their communications systems.
Drenik: We hear about a new Zoom bombing seemingly every week, is this just user error, or should the platform developers be at fault?
Waller: Recent reports highlight the fact that most Zoom bombings are the result of an insider threat, and it’s no fault of the victims. Many incidents are the result of pranks, vendettas or just coincidence.
The problem lies in the fact that developers of these platforms have made video conferencing accessibility to open. Sure, it’s simple and easy for guests to join a meeting, but that shouldn’t apply to those who aren’t invited. Many of these services don’t even require a password to attend a meeting; just click on a link and you’re in. My point is that security needs to rise to the top priority for video conferencing users. Excellent user experience and secure access don’t have to be mutually exclusive. All video platforms should be thinking security first even before the next iteration of “improved experience.”
Drenik: Are businesses at risk of an attack, or are consumers really the only ones targeted?
Consumers aren’t the only ones dealing with these modern challenges. With employees working from their home networks, businesses are more vulnerable than ever. On top of that, the explosive growth of the video conferencing marketplace has created a focal point for hackers looking to steal data, reaching a point where at the start of the pandemic, the FBI and Department of Justice issued broad warnings to the public about the potential dangers of video conferencing.
The damage has the potential to be even greater than just the data lost or viewed by an unwanted party. Bad actors and hackers have shown they’re capable of listening in on Zoom conversations or accessing shared screens and stealing documents. Should a business that works in a heavily regulated and compliant industry suffer a breach, they could be susceptible to much larger issues like massive fines, customer loss and costly lawsuits that go on forever.
Enterprises need to know that their video conferencing services are built with strong encryption, multi-factor authentication, and layered privacy controls. This will give them the confidence that their meetings are being conducted safely.
Drenik: How are cyber-attacks and data privacy issues becoming more of a target for hackers across platforms like Teams, WebEx, Zoom?
Waller: Hackers are taking advantage of the current situation we live in. The reliance on digital communications and video meetings has correlated with a rise in cyber-attacks and headline-making cases of Zoom bombing incidents. Every week there seems to be another story in the news around a college campus enduring a Zoom bomb attack, or a city council meeting being interrupted by unsavory content. While these may seem like minor incidents, there are larger vulnerabilities people don’t always talk about.
Cyber criminals today have the capacity to do some serious damage, as seen by the massive SolarWinds attack, which continues to have ripple effects for businesses and governments around the world. Hackers are now able to target and breach video sessions with ease. While convenient, client-based systems are inherently vulnerable from a security standpoint and can be used as a delivery mechanism by hackers to leverage malware onto a user’s device.
Drenik: What led to the decision to build your own competing platform? And how do the security features of SafeVchat compare to the big players in the industry?
Waller: Early in the pandemic, we understood that a shift to remote working was inevitable and there would be an increased dependence on video conferencing and digital collaboration tools. We immediately recognized that security would be paramount and existing platforms like Zoom, WebEx and Teams lacked the necessary cyber security controls and authentication that keeps users safe. This was validated when security issues surrounding Zoom led many corporations to ban its use. We sensed an opportunity to use our existing security technology to build a more secure system.
StrikeForce played a pivotal role in pioneering the creation of two of the most widely used and needed cyber security technologies, “Out-of-Band'' authentication and keystroke protection. Our company took all those years of cyber experience and set out to create SafeVchat, a next gen video meeting service that gives people the confidence that their meetings aren’t being interrupted or breached.
Existing solutions were only designed to ensure that a group of people could both see and hear each other, whereas SafeVchat was built with five levels of meeting security. The first is authentication, which makes sure every meeting participant is fully authenticated. The second is authorization, which ensures only participants on a pre-approved list are allowed access. The third is media security, which locks down your camera, microphone, audio-out speakers. The fourth is keystroke protection, which prevents keystrokes and computer clipboard from being spied on. And lastly, screenshot protection, which prevents unwanted screenshots from being stolen.
This comprehensive level of protection ensures that conversations and meetings are secure. In addition, the platform offers extensive meeting analytics and reporting to ensure compliance in an enterprise setting.
Drenik: Thank you George, we appreciate your unique insights around the security vulnerabilities of the mainstay video conferencing services, what consumers can do to protect themselves, and for providing information on how SafeVchat is a platform helping businesses and organizations keep their communications private and secure.