News Smart & Connected Life Video Calls May Not Be Safe, Researchers Say Eavesdropping is just one possibility by Tech News Reporter Sascha Brodsky is a freelance journalist based in New York City. His writing has appeared in The Atlantic, the Guardian, the Los Angeles Times and many other publications. our editorial process Sascha Brodsky Published February 17, 2021 01:00PM EST fact checked by Richard Scherr Fact checker Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. Our Fact-Checking Process Twitter LinkedIn Article fact-checked on Feb 17, 2021 Richard Scherr Tweet Share Email Smart & Connected Life Phones Internet & Security Computers Smart & Connected Life Home Theater Software & Apps Social Media Streaming Gaming View More Key Takeaways A recent report by cybersecurity firm McAfee finds that video calling software could be hacked to spy on users. Dating apps such as eHarmony and Plenty of Fish were among those identified as vulnerable to hacking. The number of people using video conferencing platforms has increased dramatically, with many people forced to work from home during the coronavirus pandemic. Geber86 / Getty Images Your video calls may not be as secure as you think, according to new research. Cybersecurity firm McAfee has released a report uncovering a new vulnerability in a video-calling software development kit (SDK). Hackers could exploit this vulnerability to spy on users’ live video and audio calls. Dating apps such as eHarmony and Plenty of Fish were among those identified as using the vulnerable SDK platform. "Whether you are attending regular virtual work meetings or catching up with extended family across the globe, as a consumer, it’s important to realize what exactly you’re getting into when downloading applications that help you stay connected," Steve Povolny, head of McAfee Advanced Threat Research said in an email interview. "As the rapid, broad adoption of video conferencing tools and apps occurs, potential threats to online safety will inevitably emerge." Many Threats to Video Chats The SDK, provided by the software firm Agora.io, can be used by applications for voice and video communication across many platforms, such as mobile and web. It’s unknown how many other apps could have been impacted, Povolny said. Since McAfee discovered this security issue, Agora has updated its SDK to provide encryption. But experts say that many types of video communications remain vulnerable to hacking. Anything connected to the internet can be hacked, pointed out Joseph Carson, chief security scientist at cybersecurity firm Thycotic, in an email interview. pixelfit / Getty Images "Any devices that contain cameras can absolutely be abused to record video, analyze that data, and perform voice or facial recognition," he added. "In many incidents, the vendors who manufacture them do not provide the ability to turn them off, which means they focus purely on ease of use and almost always sacrifice security as a result." The number of people using video conferencing platforms has increased dramatically, with many people forced to work from home during the coronavirus pandemic, Hank Schless, senior manager of security solutions at cybersecurity firm Lookout, said in an email interview. "Malicious actors know that there are many new users who are unfamiliar with the apps they can exploit," he added. "In this type of campaign, they often use both malicious URLs and fake message attachments to bring targets to phishing pages." Insider Attacks are the Biggest Threat Video calling is most vulnerable when the call is recorded and stored on a third-party server or on the app provider's server, Hang Dinh, a professor of computer and information sciences at Indiana University South Bend, said in an email interview. For example, video calls on Facebook Messenger are stored on Facebook's servers and can be viewed by Facebook's employees. "If one of their employees is not careful with security, your calls can be hacked," Dinh added. "Remember that Twitter was also hacked because of an insider's fault." Jasmin Merdan / Getty Images To make their communications more secure, users should choose end-to-end encrypted video calls such as WhatsApp, Google Duo, FaceTime, and ExtentWorld, Dinh said. "Being end-to-end encrypted means the calls are not stored and decrypted on any third party server, including the call provider's servers," she added. Popular video conference software Zoom also recently began offering end-to-end encrypted video calls. Still, the encryption feature on Zoom is not turned on by default, Dinh noted. For most people, the most significant risk to video hacking is eavesdropping, Chris Morales, head of security analytics at cybersecurity company Vectra AI, said in an email interview. "The other risk is the disruption of a session with shared images and sounds," he said. "Think of it like digital graffiti." To keep out hackers, users should have passwords for all video conferences, Morales said. That password should not be posted publicly and should be shared privately. The moderator can also, by default, enable mute on all participants and disable screen sharing features. "How strong that password is will still impact the ability for someone to access a current session," he added. "But it is much better than no password at all." Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Email Address Sign up There was an error. Please try again. You're in! Thanks for signing up. There was an error. Please try again. Thank you for signing up. Tell us why! Other Not enough details Hard to understand Submit