ENSURING VIDEO CONFERENCING APPLICATIONS SECURITY: PRIVACY, CHALLENGES AND RISKS

Year 2025, Volume: 3 Issue: 1, 28 - 43, 27.06.2025

İsa Avcı , Elif Yıldırım , Elif Sare Akdağ

https://doi.org/10.71074/CTC.1666265

Abstract

With the COVID-19 pandemic, video conferencing applications have played a critical role in both individual and corporate communication. However, the widespread adoption of these platforms has brought significant privacy and security threats. This study analyzes popular video conferencing applications (Zoom, Microsoft Teams, Google Meet, Skype, Cisco Webex, GoToMeeting, and TeamLink) from a security and privacy perspective, detailing aspects such as authentication mechanisms, data encryption methods, authorization policies, and security vulnerabilities. The findings reveal that end-to-end encryption support, authentication mechanisms, and security protocols vary across platforms. The results emphasize that selecting a platform according to security needs should be based on encryption algorithms, authentication methods, and security certifications.

Keywords

Video Conferencing Applications, Video Conferencing Security, Meeting Application Security

References

• İ. Avcı, Akıllı ulaşım sistemlerinde siber saldırılar ve önlemler, Akıllı Ulaşım Sistemleri ve Uygulamaları Dergisi 6 (1) (2023) 194–208. doi:10.51513/jitsa.1224909.
• İ. Avcı, M. Koca, Cybersecurity attack detection model, using machine learning techniques, Acta Polytechnica Hungarica 20 (7) (2023) 29–44.
• UNESCO, Covid-19 educational disruption and response, https://en.unesco.org/covid19/ educationresponse, accessed: 10-Feb-2025 (2020).
• D. Kagan, G. F. Alpert, M. Fire, Zooming into video conferencing privacy and security threats, arXiv preprint arXiv:2007.01059 1, jul. 2020 (2020).
• P. of RSA, Public online zoom meeting details, https://twitter.com/ParliamentofRSA/status/ 1258289355682123779, accessed: Feb. 25, 2025 (2020).
• A. Ötesi, Hollandalı gazeteci ab savunma bakanlarının gizli zoom toplantısına sızdı, https://anlatilaninotesi.com.tr/20201122/hollandali-gazeteci-ab-savunma-bakanlarinin-gizli-zoom-toplantisina-sizdi-1043268675. html, accessed: Feb. 25, 2025 (2020).
• A. Ötesi, Bursa’da öğrencilerin uzaktan eğitimine siber sapık engeli, https://anlatilaninotesi.com.tr/ 20201203/bursada-ogrencilerin-uzaktan-egitimine-siber-sapik-engeli-1043337519.html, accessed: Feb. 25, 2025 (2020).
• G. Varghese, Effectiveness of virtual learning with security, Bayan College IJMR 1 (1) (2020).
• İ. Avcı, Investigation of cyber-attack methods and measures in smart grids, Sakarya University Journal of Science 25 (4) (2021) 1049–1060. doi:10.16984/saufenbilder.955914.
• S. Balasubramanian, M. Dhanushkodi, K. Balasubramanian, A survey on security and privacy issues in video conferenc- ing systems, IEEE Access 9 (2021) 115293–115308. doi:10.1109/ACCESS.2021.3052536.
• F. Karim, A. Ali, E-learning virtual meeting applications: A comparative study from a cybersecurity perspective, https://www.researchgate.net/publication/355949578, accessed: 2025 (2021).
• N. H. Gauthier, M. I. Husain, Dynamic security analysis of zoom, google meet and microsoft teams, https://www. researchgate.net/publication/350568748, accessed: 2025 (2021).
• B. Marczak, J. Scott-Railton, Move fast & roll your own crypto: A quick look at the confidentiality of zoom meetings, https://citizenlab.ca/2020/04/ move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/, accessed: Apr. 2020 (2020).
• F. T. Commission, Zoom video communications, inc., in the matter of, https://www.ftc.gov/legal-library/ browse/cases-proceedings/192-3167-zoom-video-communications-inc-matter, accessed: Nov. 2020 (2020).
• Google, Learn about call & meeting encryption in google meet, https://support.google.com/meet/answer/ 12387251, accessed: 2023 (2023).
• M. Hasan, M. Hasan, M. Hasan, Towards a threat model and security analysis of video conferencing systems, https://www.researchgate.net/publication/349994212, accessed: 2025 (2021).
• K. S. Dassel, S. Klein, To zoom or not: Diverging responses to privacy and security risks, Journal of Business Re- searchAccessed: 2025 (2023).
• D. Kagan, G. F. Alpert, M. Fire, Zooming into video conferencing privacy and security threats, https://arxiv.org/ abs/2007.01059, accessed: Jul. 2020 (2020).
• Zoom, Security at zoom, https://explore.zoom.us/en/trust/security/, accessed: 18-Feb-2025 (2025).
• M. Support, End-to-end encryption in teams, https://support.microsoft.com, accessed: 2025 (2025).
• TeamLink, Meeting security, https://www.teamlink.co/faq/index.html#meeting-security, accessed: 20- Feb-2025 (2025).
• Google, End-to-end encryption in duo, https://www.gstatic.com/duo/papers/duo_e2ee.pdf, accessed: 23-Feb- 2025 (2018).
• Microsoft, Does skype use encryption?, https://support.microsoft.com/en-us/skype/ skype-encryption-28f5b30b-fcce-493a-9e55-049add6c2d39, accessed: Feb. 24, 2025 (2025).
• Microsoft, How long are files and data stored on skype?, https://support.microsoft.com/tr-tr/skype/ dosyalar-ve-veriler-skype-ta-ne-kadar-saklan%C4%B1r-22a11965-4c63-45d7-a56c-ee8908f5cdff, accessed: Feb. 24, 2025 (2025).
• Cisco, Webex meeting center: A white paper, https://www.cisco.com/c/en/us/products/collateral/ conferencing/webex-meeting-center/white-paper-c11-737588.html, accessed: Feb. 24, 2025 (2025).
• Cisco, Webex trust center, https://www.cisco.com/c/en/us/about/trust-center/webex.html, accessed: Feb. 24, 2025 (2025).
• LogMeIn, Gotomeeting: Web-based online meetings, desktop screen sharing and video conferencing, https://www. gotomeeting.com, accessed: 24-Feb-2025 (2025).
• LogMeIn, Privacy policy, https://www.goto.com/company/legal/privacy/us, accessed: 24-Feb-2025 (2025).
• P. Srinivasan, Our response to a recent security incident, https://www.goto.com/blog/ our-response-to-a-recent-security-incident, accessed: Feb. 25, 2025 (2023).
• LogMeIn, Unified communications collaboration security white paper snapshot, https://logmeincdn.azureedge.net/gotomeetingmedia/-/media/pdfs/UCC_security_white_paper_snapshot_April2020.pdf, accessed: Feb. 25, 2025 (2020).
• Zoom, Zoom official website, https://www.zoom.com/, accessed: 18-Feb-2025 (2025).
• Microsoft, Microsoft teams- group chat software, https://www.microsoft.com/tr-tr/microsoft-teams/ group-chat-software, accessed: 18-Feb-2025 (2025).
• TeamLink, Privacy policy, https://www.teamlink.co/privacy.html, accessed: 20-Feb-2025 (2025).
• Google, Google meet güvenlik önlemleri, https://support.google.com/meet/answer/9852160?hl=tr&ref_ topic=14074547, accessed: Feb. 23, 2025 (2025).
• C. Pro, Microsoft teams ne kadar güvenli?, https://cyberartspro.com/ microsoft-teams-ne-kadar-guvenli/, accessed: 18-Feb-2025 (2025).
• Google, Google meet’te toplantılara katılma, https://support.google.com/meet/answer/12387251?hl=tr& ref_topic=14074547, accessed: Feb. 23, 2025 (2025).
• C. T. Portal, Privacy data map — privacy data sheet, https://trustportal.cisco.com/c/r/ctp/trust-portal. html, accessed: Feb. 24, 2025 (2025).
• Microsoft, Microsoft teams online call flows, https://learn.microsoft.com/en-us/microsoftteams/ microsoft-teams-online-call-flows, accessed: 18-Feb-2025 (2025).
• Webex, Webex meetings, https://www.webex.com/suite/meetings.html, accessed: Feb. 24, 2025 (2025).
• Webex, Cage match: Competitive highlights from enterprise connect, https://www.webex.com/content/dam/ wbx/us/ebook/cage-match-webex-competitive-highlights-from-enterprise-connect_cm-3648.pdf, accessed: Feb. 24, 2025 (2025).
• C. S. Alliance, An analysis of the 2020 zoom breach, https://cloudsecurityalliance.org/blog/2022/03/13/ an-analysis-of-the-2020-zoom-breach, accessed: Mar. 13, 2022 (2022).
• CNBC, Zoom reaches $85 million settlement over user privacy and hacker ‘zoombombing’, https://www.cnbc.com/ 2021/08/01/zoom-reaches-85-million-settlement-over-user-privacy-and-hacker-zoombombing. html, accessed: Aug. 1, 2021 (2021).
• T. Guide, Zoom security issues: What’s gone wrong and what’s been fixed, https://www.tomsguide.com/news/ zoom-security-issues, accessed: Jan. 9, 2023 (2023).
• M. Support, Microsoft güvenlik danışma belgesi araçlardaki güvenlik açıkları uzaktan kod yürütülmesine Izin verebilir, https://support.microsoft.com/tr-tr/topic/microsoft-g%C3%BCvenlik-dan%C4%B1%C5% 9Fma-belgesi-ara%C3%A7lar-daki-g%C3%BCvenlik-a%C3%A7%C4%B1klar%C4%B1-uzaktan-kod-y%C3%BCr% C3%BCt%C3%BClmesine-izin-verebilir-9e1afef5-9846-0603-b03a-b106a43cb27b, accessed: 18-S¸ ubat- 2025 (2021).
• Google, Google meet security measures and best practices, https://support.google.com/meet/answer/ 9852160?hl=en&ref_topic=14074547, accessed: Feb. 24, 2025 (2024).
• UpGuard, Skype security report, https://www.upguard.com/security-report/skype, accessed: Feb. 24, 2025 (2025).
• UpGuard, Webex security rating, vendor risk report, and data breaches, https://www.upguard.com/ security-report/webex, accessed: Feb. 24, 2025 (2025).