Updated: Sep 2, 2020
Published: August 31, 2020 on our Security Advisor Newsletter
Users of all video conferencing platforms are alerted against posting images of their conference calls on social media. A team of researchers from Ben-Gurion University (BGU) conducted a study on participants' images from meetings in Zoom, Microsoft Teams, and Google Meet. The research revealed that image processing algorithms and web-based text recognition allowed the researchers to identify personal features such as gender, age, and usernames.
People across the globe are using video conferencing at a rapid pace these days for everything from meetings with colleagues to virtual fitness classes to live-streaming concerts. Even Hollywood produces talk and cooking shows with hosts "calling in" from home. In April 2020, close to 500 million people were using these systems for one reason or another.
As part of the study, the researchers discovered that images could be cross-referenced with social media data; this poses a risk to users' privacy and security. Dr. Michael Fire, from the university's Department of Software and Information Systems Engineering, stated that "findings indicated it is relatively easy to collect thousands of publicly available images of video conference meetings and extract personal information about the participants, including their face images, age, gender, and full names." He continued, "This type of extracted data can vastly and easily jeopardize people's security and privacy, affecting adults as well as young children and the elderly."
Eighty percent (80%) of the time, the researchers were able to identify faces and detect participants' gender. They were also able to estimate age closely.
When working from home, it's crucial to maintain your privacy and security when attending video conference calls as one would when at the office. The research team offered some recommendations for preventing privacy violations and intrusions:
Don't post video conference images or share them online.
Use generic pseudonyms like "iZoom" or "iPhone," as opposed to a unique username or real name that is easily identifiable.
Use a virtual background vs. a real background when possible to help prevent fingerprinting a user account across several meetings or events.
For video conferencing operators: the researchers recommend using privacy modes such as filters or Gaussian noise to disrupt facial recognition, while still keeping the faces recognizable to participants.
Also, since video conferencing is the most used venue that allows employees to work from home and still have productive meetings, organizations should invest time in educating employees on security and privacy threats. These recommendations also apply to children and those who may not be as familiar with these types of products or the risks they present for private users.
Keep up to date: Sign up for Fraud Alerts and Updates
Want to schedule a conversation? Please email us at firstname.lastname@example.org