Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Mozilla Says Many Popular Video Call Apps Meet Its Minimum Security Standards

Mozilla’s latest “*Privacy Not Included” report shows that twelve out of fifteen popular video call applications and platforms meet the organization’s minimum security standards.

Mozilla’s latest “*Privacy Not Included” report shows that twelve out of fifteen popular video call applications and platforms meet the organization’s minimum security standards.

With the current COVID-19 pandemic forcing many to work from home, organizations have adopted video calling as a means to keep teams connected and ensure collaboration and efficiency.

Almost immediately, these applications started facing scrutiny, as both individual users and organizations have been seeking reassurance that the software and services they have adopted could deliver the desired level of security and privacy.

Released today, Mozilla’s latest *Privacy Not Included report takes a swing at fifteen video calling applications that people have been turning to lately, aiming to help users relying on video conferencing during the current lockdown make smart decisions on which apps and services are best for them.

What Mozilla’s researchers discovered was that twelve of the analyzed apps meet Mozilla’s Minimum Security Standards. These include Zoom, Google Hangouts, Apple FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting, and Cisco WebEx.

Apps that meet the standards use encryption, have an automatic security update system, use strong passwords, employ bug bounty programs and clear points of contact for reporting and managing security vulnerabilities, and have clear privacy policies.

The three applications that did not meet the standards are Houseparty, Discord, and Doxy.me. While Houseparty and Discord allow for the use of weak passwords such as ‘12345’ or ‘111111’, thus exposing user accounts, Doxy.me fails to implement many of Mozilla’s minimum security standards.

The researchers discovered that the Doxy.me telemedicine app did not require a strong password when setting up an account and did not support two-factor authentication, not to mention that it did not require for patients to prove they are who they claim to be.

Advertisement. Scroll to continue reading.

All apps alert participants when recording occurs, most apps provide hosts with the ability to set rules, and all apps use some form of encryption, but only some offer end-to-end encryption.

Most of the analyzed applications did meet the minimum security standards, but that doesn’t mean they are without risk, Mozilla warns.

“It’s unclear whether Facebook Messenger uses metadata like who you chat with to target ads, Houseparty appears to be a personal data vacuum (though kudos to its privacy policy for clearly telling users that), and Discord collects information on your contacts if you link your social media accounts,” the browser maker explains.

Mozilla also points out that users get different sets of features in video call apps designed for businesses than in those targeting everyday use.

“Video call apps like FaceTime, Google Duo, Signal, and Houseparty have a very different set of video chat features and ease of use than business-oriented apps such as Zoom, BlueJeans, GoToMeeting, Microsoft Teams, and Cisco Webex,” Mozilla says.

Thus, those looking for simplicity might skip the business-oriented apps and choose the decent security and privacy of consumer-oriented products. Businesses, however, might go for the higher level of security and a more comprehensive set of features, the Internet organization says.

Related: Zoom Announces Better Encryption, Other Security Improvements

Related: Hackers’ New Target During Pandemic: Video Conference Calls

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...