at the University of Wisconsin-Madison and Loyola University Chicago, utterances made while the app is in mute are still captured and saved into RAM.<\/span><\/p>\nOn one level, this is something we all already knew. When a user is muted and says something, most videoconferencing apps will display a note alerting the user that they’re talking while muted. How could it say that if it weren’t listening while the mute button is on?\u00a0<\/span><\/p>\nJust as Apple\u2019s Siri or Amazon\u2019s Alexa are always listening for a command word, so, too, are those “muted” applications.\u00a0<\/span><\/p>\nThe real question is whether those captured utterances are at meaningful risk for being accessed by an attacker or an insider. First, anything saved in volatile memory is lost \u2014 theoretically \u2014 the instant the machine restarts or shuts down. Therefore, we are looking at the exposure after the utterance is made and before<\/em> that machine restarts. Depending on the user\u2019s behavior, that timeframe might be a few hours, a couple of days \u2014 possibly multiple weeks.\u00a0<\/span><\/p>\nGenerally, stealing data from volatile memory is difficult, but not impossible. As the report authors said in a group interview, if a bad guy gets into volatile memory, the user and the enterprise have a lot bigger concerns than some saved utterances during a mute. Still, it could happen.<\/span><\/p>\nThe mute issue is solely based on the app and how it handles such data.<\/span><\/p>\nOne of the lead authors of the report is Kassem Fawaz, an assistant professor in the <\/span>Electrical and Computer Engineering<\/span> Department at the University of Wisconsin-Madison who is also affiliated with Wisconsin\u2019s Computer Sciences Department.\u00a0<\/span><\/p>\n\u201cThe main implications have to do with the inherent trust users are placing in these <\/span>videoconferencing apps,\u201d Fawaz said. \u201c<\/span>We did not find evidence of audio leaving the user\u2019s devices. The only exception was telemetry data leaving from Cisco Webex, which has been fixed since our disclosure to Ciscom. However, even when the user presses the mute button, the app still has access to the audio stream and the user is trusting that the app is well-behaved. The other implication is that the mute functionality \u2014 similar to turning off the camera \u2014 should not be left to the app, but should be either OS-controlled or hardware-controlled.\u201d<\/span><\/p>\nFawaz\u2019s point about the camera is that the team found that a camera \u201coff\u201d button truly halted any video from being captured in any way. Not so much with audio. Sometimes, the browser can make a difference. <\/span><\/p>\n\u201cOn Chrome, mute means mute,” Fawaz said. “We can’t say about Safari or Firefox.\u201d<\/span><\/p>\nThe university\u2019s report was mostly about trust in the app makers. If the vendors are acting honorably and respecting privacy, cybersecurity, and security compliance issues, then the risk is minimal. If they are <\/span>not <\/span><\/i>acting that way, users and enterprises could be in trouble. <\/span><\/p>\nThe report didn\u2019t draw conclusions on how the app makers were behaving, but merely stressed that each one can go in its own direction.<\/span><\/p>\nThat said, the rules of secrecy and even the rules of being a nice person should apply here. With the imminent-acquisition scenario, if you\u2019re not allowed to discuss certain details, don\u2019t say them in front of a microphone with outsiders regardless of what the mute toggle displays. As for being nice, how about not saying nasty comments about your colleagues or clients at all?\u00a0<\/span><\/p>\nThe cardinal rule of email and security\/compliance is, \u201cBefore you type an email\/message, envision yourself testifying to it in open court. If that makes you uncomfortable, don\u2019t type it.\u201d It\u2019s not a far leap to extend that rule to speaking something in front of a microphone.\u00a0<\/span><\/p>\nFor example, I use an Apple Watch. Several times during a typical day, it will say loudly \u201cI didn\u2019t understand that\u201d or \u201cHere\u2019s what I found on that topic.\u201d Although it is highly annoying and frustrating, it\u2019s an effective reminder that I need to take that watch off before saying anything that I don\u2019t want the world to know. <\/span><\/p>\nYou need to keep in mind the same thing when using a mobile device or a desktop device \u2014 especially while using a videoconferencing app.<\/span><\/p>\nhttp:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"![](\"https:\/\/images.idgesg.net\/images\/article\/2019\/10\/siri-ios13-listening-100813002-large.3x2.jpg?auto=webp&quality=85,70\"\/)
<\/p>\n
Credit to Author: Evan Schuman| Date: Thu, 28 Apr 2022 11:35:00 -0700<\/strong><\/p>\n\n