Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Mozilla Says Many Popular Video Call Apps Meet Its Minimum Security Standards

Mozilla’s latest “*Privacy Not Included” report shows that twelve out of fifteen popular video call applications and platforms meet the organization’s minimum security standards.

Mozilla’s latest “*Privacy Not Included” report shows that twelve out of fifteen popular video call applications and platforms meet the organization’s minimum security standards.

With the current COVID-19 pandemic forcing many to work from home, organizations have adopted video calling as a means to keep teams connected and ensure collaboration and efficiency.

Almost immediately, these applications started facing scrutiny, as both individual users and organizations have been seeking reassurance that the software and services they have adopted could deliver the desired level of security and privacy.

Released today, Mozilla’s latest *Privacy Not Included report takes a swing at fifteen video calling applications that people have been turning to lately, aiming to help users relying on video conferencing during the current lockdown make smart decisions on which apps and services are best for them.

What Mozilla’s researchers discovered was that twelve of the analyzed apps meet Mozilla’s Minimum Security Standards. These include Zoom, Google Hangouts, Apple FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting, and Cisco WebEx.

Apps that meet the standards use encryption, have an automatic security update system, use strong passwords, employ bug bounty programs and clear points of contact for reporting and managing security vulnerabilities, and have clear privacy policies.

The three applications that did not meet the standards are Houseparty, Discord, and Doxy.me. While Houseparty and Discord allow for the use of weak passwords such as ‘12345’ or ‘111111’, thus exposing user accounts, Doxy.me fails to implement many of Mozilla’s minimum security standards.

The researchers discovered that the Doxy.me telemedicine app did not require a strong password when setting up an account and did not support two-factor authentication, not to mention that it did not require for patients to prove they are who they claim to be.

Advertisement. Scroll to continue reading.

All apps alert participants when recording occurs, most apps provide hosts with the ability to set rules, and all apps use some form of encryption, but only some offer end-to-end encryption.

Most of the analyzed applications did meet the minimum security standards, but that doesn’t mean they are without risk, Mozilla warns.

“It’s unclear whether Facebook Messenger uses metadata like who you chat with to target ads, Houseparty appears to be a personal data vacuum (though kudos to its privacy policy for clearly telling users that), and Discord collects information on your contacts if you link your social media accounts,” the browser maker explains.

Mozilla also points out that users get different sets of features in video call apps designed for businesses than in those targeting everyday use.

“Video call apps like FaceTime, Google Duo, Signal, and Houseparty have a very different set of video chat features and ease of use than business-oriented apps such as Zoom, BlueJeans, GoToMeeting, Microsoft Teams, and Cisco Webex,” Mozilla says.

Thus, those looking for simplicity might skip the business-oriented apps and choose the decent security and privacy of consumer-oriented products. Businesses, however, might go for the higher level of security and a more comprehensive set of features, the Internet organization says.

Related: Zoom Announces Better Encryption, Other Security Improvements

Related: Hackers’ New Target During Pandemic: Video Conference Calls

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.