Video Conferencing Images May Make You A Phishing Target If Posted Online

Users of all types of video conferencing platforms are being been advised against posting images of their conference calls on social media. A team of researchers from Ben-Gurion University (BGU) conducted a study on the images of participants from meetings in Zoom, Microsoft Teams, and Google Meet. The research revealed that image processing algorithms and web-based text recognition allowed the researchers to identify personal features such as gender, age, and usernames.

People across the globe are using video conferencing at a rapid pace these days for everything from meetings with colleagues to virtual fitness classes to live-streaming concerts. Even Hollywood produces talk and cooking shows with hosts “calling in” from home.  In April 2020, close to 500 million people were using these systems for one reason or another.

As part of the study, the researchers discovered that images can be cross-referenced with social media data, this poses a risk to the privacy and security of users. Dr. Michael Fire from the university’s Department of Software and Information Systems Engineering stated that their findings indicated “that it is relatively easy to collect thousands of publicly available images of video conference meetings and extract personal information about the participants, including their face images, age, gender, and full names.” He continued, “This type of extracted data can vastly and easily jeopardize people’s security and privacy, affecting adults as well as young children and the elderly.”

Eighty percent (80%) of the time, the researchers were able to identify faces as well as detect participants’ gender. They were also able to closely estimate age. 

When working from home it's important to maintain your privacy and security when attending video conference calls as one would when at the office. The research team offered some recommendations for preventing privacy violations and intrusions:

Don’t post video conference images or share them online

Use generic pseudonyms like “iZoom” or “iPhone,” as opposed to a unique username or real name that is easily identifiable

Use a virtual background vs. a real background when possible. This can help prevent fingerprinting a user account across several meetings or events.

For video conferencing operators, the researchers recommend they use privacy modes such a filters or Gaussian noise to disrupt facial recognition, while still keeping the faces recognizable to participants.

In addition, since video conferencing is being used so often now to allow employees to work from home and still have productive meetings, organizations should invest time in educating employees on security and privacy threats. For private users, this also applies for children and those who may not be as familiar with these types of products or the risks they present.

Stickley on Security