During the pandemic, it has become commonplace to make video calls with our loved ones or co-workers. And who else and who least have used that button to mute the microphone, to make sure that no one will hear us, if we release some expletive or some phrase out of place. But in this study they wanted to investigate if really the microphones are canceled with the buttons of these apps.
The study has been carried out to check if the microphone is really muted, and this does not mean that they do not listen to us on the other side, but rather if our voice is really canceled and does not travel through the network to any other place, such as the servers of the app among others. The conclusion of this study Karspersky is that the safest thing when using this function in video calls is do it from a web client.
In this case, the most common video conferencing apps were tested and based on Chromium browsers, such as Google Chrome or Microsoft Edge itself. In this environment, all the tools must respect the rules of the game imposed by the developers of this engine, so it is always safer, and we know that all the applications will behave in a similar way. The curious thing is that despite this they discovered that each application has a different behavior when interacting with the server.
How have the applications performed?
Well, as they say from the cybersecurity company, each one in its own way. In the case of zoom describe their behavior as respectful. This means that when the microphone is muted, nothing that happens on our device is heard, and no audio stream is captured. In the case of Microsoft Teams is a mystery, it was not possible to appreciate which method was used, since it is a top secret between the application and Microsoft Windows. Finally, the behavior of cisco-webexand this one turned out to have the weirdest behavior and unpredictable of all.
It has been found that this tool picks up the sound from the microphone even if it is disabled. Investigated more in depth it has been possible to verify that this application does not send data about the sound to the remote server, but only sends metadata with the volume level of the signal. But despite this, with the method used by this tool it was possible to check what type of tasks the user was carrying out at home, such as vacuuming while cooking, and if he had turned off the microphone or the camera, which obviously reveals certain information that the user does not expect to be shared.