Collaboration Security

Google Meet is a secure cloud-based solution that allows users to organize both individual and group video conferences. The platform offers many opportunities for collaboration, such as the well-known Jumpboard. Google Meet allows even unregistered guests to join the conference using the meeting code.

Security

Google initially created the solution as a business tool in the Google Workspace suite, but eventually made it available for non-commercial use. To protect personal data, the online meeting platform adheres to TLS and SSL standards for encryption during data transmission. Registered users can enable two-factor authentication using FIDO-compatible text messages, authentication apps, or security keys.

Vulnerabilities

Google Meet does not support end-to-end encryption: instead, it uses DTLS-S to protect connections. However, some may find it unpleasant to discover that the solution's vendor stores data on delays and performance. Such «collectible» information includes the data transfer rate, estimated bandwidth, names of conference organizers, participant IDs, IP addresses, as well as the meeting's date and calendar ID.

Security researchers recently highlighted a vulnerability in Google Meet's URL redirection feature, which could lead users to counterfeit domains and make them vulnerable to cybercriminals. Furthermore, when joining a meeting from a smartphone, the audio transmits over the telephone network and may not be encrypted.

Slack is a corporate messaging platform that supports video chats for up to 15 users. This solution, like other vendor services, requires mandatory account login and uses a secure system to protect confidential data. Slack supports integration with nearly 100 third-party services, including Dropbox, Google Drive, and Twitter, which explains its versatility.

Security

Data transfer between the messenger and the service uses reliable encryption protocols and signatures, such as TLS 1.2, AES-256, and SHA2. Notably, this protection system only works with the user's consent, who must approve the processing of their personal information. Confidential data at rest in the Slack production network is encrypted according to FIPS 140-2 standards, including relational databases and file storage. Simultaneously, all encryption keys are stored on a secure server with restricted access.

Vulnerabilities

If you plan to use Slack for business purposes, you should be aware of the associated risks. In 2015, hackers breached Slack, exposing vulnerabilities in the messenger's security system. The company announced that hackers had breached its system, gaining access to the database for four days and jeopardizing user privacy.

After the cyberattack, Slack experts discovered suspicious activity from several accounts that had clearly been compromised by criminals. In 2019, Tenable specialists discovered a vulnerability in the Windows version of Slack. The client application allowed users to change the download destination, potentially enabling them to steal, modify, or add malware to files.

The critical vulnerability also allowed for remote code execution (RCE). Hackers could gain full remote control over the Slack desktop application through a successful exploit, thereby accessing private channels, conversations, passwords, tokens, and keys.

Skype, created by Microsoft, is a free software for making video calls. The «‎Meet Now»‎ option allows presenters to invite both registered participants and anyone else to a virtual meeting, without requiring an account. Regarding commercial purposes, it is worth noting that Skype for Business will cease operations on July 31, 2021.

Security

Skype uses AES, also known as Rijndael, which the US government employs to safeguard confidential information. At the same time, the encryption itself is 256-bit and has proven to be reliable. Skype server uses 1536- or 2048-bit RSA certificates to certify users' public keys.

Vulnerabilities

By default, Skype does not use end-to-end encryption, which means Microsoft can view all messages, calls, and files. In addition, the vendor records people's interactions on their platform, including, but not limited to:

• Chat history
• Activity status
• Telephone numbers
• Files sent and received
• Time and duration of calls

Microsoft claims that it also collects user data from third parties, including data brokers. The corporation uses personal information for targeted advertising, personalization, research and development, and product improvement. Microsoft shares personal data with its affiliates, subsidiaries, and suppliers.

WebEx, the video conferencing platform, has existed since 1995 and is widely used by privacy-conscious companies in the healthcare, information technology, and financial services industries. This is partly because all three sectors had adopted virtual meetings long before the COVID-19 pandemic, but mostly due to the solution's reputation for maintaining strong cybersecurity. Cisco, WebEx's parent company, has long established itself as a reliable and secure vendor for corporate interactions.

Security

By default, WebEx makes user data readable by the server, but it also offers additional end-to-end encryption for up to 200 users, which exceeds the capacity of many competitors. Free account holders can contact customer support for additional protection measures. Despite considering the possibility of hosting an on-premises solution, the vendor offers a Cisco Meeting Server for this purpose.

Vulnerabilities

In 2020, Cisco engineers prepared fixes for three vulnerabilities that hackers could exploit during WebEx conferences. IBM discovered security breaches that allowed attackers to join online meetings as ghost users and gain access to personal data. Therefore, a cybercriminal could discover the full names, email addresses, and IP addresses of conference participants.

It is highly likely that you have friends or relatives on WhatsApp, as this messenger already has over two billion users. The solution was created in 2009, but it reached peak popularity in 2015, even becoming the primary means of communication in several countries, particularly in Latin America. WhatsApp enables users to organize personal and group chats, make audio and video calls, share files and locations, and even create polls.

Security

To ensure privacy, the solution supports end-to-end encryption, preventing even company employees from viewing your messages or listening to conversations. WhatsApp allows users to enable two-step verification to further protect their personal data and send disappearing messages.

Vulnerabilities

In January 2021, Meta announced an update to its privacy policy, stating that WhatsApp would store personal metadata and share it with Facebook and its «family of companies» (including Facebook Messenger, Instagram) starting in February of that year. Users could previously refuse to transfer information in the settings, but this feature is no longer available. Cyber awareness is something you need to keep in mind at all times while using WhatsApp.

In 2022, the leak resulted in the release of nearly 500 million users' personal data onto the internet. Meta had been storing users' confidential information in a nearly unencrypted form for years, allowing hackers to easily bypass the security system and gain access to it. In the following years, residents of 84 countries, including the United States, Italy, and France, suffered from the actions of fraudsters and criminals.

Zoom is a video communication platform that offers a wide range of collaborative tools. The solution gained the most popularity in 2020 during the pandemic, as many companies and organizations adopted it for remote work. Many enterprises continued using Zoom even after the lockdown was lifted, demonstrating its ongoing high demand.

Security

When using a Zoom client, video, audio, and screen sharing are protected in transit with AES-256 encryption and a one-time key for that specific session. To further protect your privacy, the solution enables additional end-to-end encryption.

Vulnerabilities

«Zoombombing» remains a significant stain on the company's reputation regarding security. The occurrence of intruders appearing in conferences and subsequently using profanity has become one of the most significant hacker attacks in the history of video communication. Attackers could send, edit, and remove chat messages, as well as remove other participants from online meetings.