No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

8x8, Jitsi.org Address Security for Video Meetings

Mohamed Hassan - pixabay.jpg

security camera on man
Image: Mohamed Hassan - pixabay.com
Video collaboration has played a monumental role in helping enterprises upkeep normality during COVID-19, but widespread use is now giving rise to security concerns, as Ray Wang, principal analyst with Constellation Research, pointed out earlier this week during a live webcast he moderated.
 
During the webcast, hosted by 8x8 and Jitsi.org, Wang led a discussion about the importance of using open-source video meeting software for security purposes, as well as next steps in the evolution of video meeting security for businesses, governments, and other organizations. As you might recall, cloud communications provider 8x8 acquired the open-source Jitsi video communications technology from Atlassian back in November 2018 (see related No Jitter article).
 
To date, tens of thousands of adopters are running their own Jitsi-based video platforms for millions of users, and “all of these people are interested in private and secure video meetings,” said Emil Ivov, founder of Jitsi.org. Not being concerned about a security breach in a video meeting is a bit like not worrying that you’ll be struck by lightning, he noted.
 
“You can go on with your life thinking that [lightning] will never strike you, and [while] most people won’t ever be struck by lightning … many people do get struck” — to dramatic consequences, Ivov said. “It’s really the same thing here; most people will never be targeted by attacks on their meeting content, but many will be … you want to make sure to reduce the impact.” Security is the cornerstone of everything, Ivov said. In the case of the Jitsi video collaboration platform, for example, that means supporting the Secure Real-Time Protocol mandated by WebRTC specs for real-time communications and making sure “everything” that leaves a user's machine is encrypted, he added.
 
During the webcast, Ivov took the opportunity to announce the launch of 8x8 Video MeetingsPro, an enterprise-grade platform powered by Jitsi technology that offers identity and moderation control capabilities. Specifically, Video MeetingsPro includes password-protected and randomly named meetings, 8x8 noted in a press release. In addition, it features real-time closed captioning during the meeting with real-time post-call transcription notes after, 60 days of cloud storage for HD meeting recordings, and the ability to add an authorized participant by secure dial-out features.
 
Additionally, although not discussed during the webcast, 8x8 announced that Jitsi and 8x8 video meeting solutions will run in the Oracle Cloud, for “optimized cloud security and performance,” and that a newly published Jitsi spec for “true” end-to-end encrypted WebRTC-based video meetings is now open for public comment.
 
The downside of skyrocketing video meeting use is that the hacker community has taken notice, said webcast participant Michael Armer, 8x8’s chief information security officer. “This is a community that’s been looking for a new attack service to exploit for some time, and they’ve actually found it in the virtual meetings space,” he said.
 
The FBI and other credible sources have identified four primary product exploits of concern, Armer said. These are: meeting hijacking (someone slides into your meeting unknown); camera and microphone takeover (secretly recording without knowledge); inadvertent disclosure of personal information to unauthorized third parties; and lastly, communications intercept.
 
“Protecting ourselves against known exploits and future exploits …, and staying focused on protecting our customers is really what’s keeping me up at night,” Armer said.
 
In signing off, Armer left this advice for enterprise IT security executives: “Don’t leave your organization exposed, and don’t put yourself in that risky position. Use products that offer the strongest encryption-level possible.”