Have you recently activated the mute function in a video call and then really complained about colleagues, customers or the boss? Read why that wasn’t a good idea. […]
If you were previously convinced that pressing the mute button is enough to protect your privacy, science has bad news: a group of researchers from the Universities of Wisconsin and Chicago has found out (PDF) that statements made during a mute are still recorded and stored in memory.
This shouldn’t really surprise us: when a user is muted and then says something, most video conferencing apps display a corresponding hint. This is only possible if it “listens” even when the mute function is activated – similar to Siri or Alexa.
The interesting question here is whether the utterances recorded during a mute pose a security risk if external – or internal – attacks occur. It is important to know that all data stored in the volatile memory is lost as soon as the computer is restarted. So it’s about the period before the restart, which – depending on user behavior – can extend over a few hours, days or even several weeks.
Stealing information from volatile memories is a generally difficult, but not impossible, undertaking. However, in practice, users and companies whose volatile memory is haunted by cybercriminals have much bigger and more pressing problems than thoughtless statements or blasphemies that were secreted during a mute.
However, as part of their investigations, the scientists also come to the conclusion that the risk of silencing strongly depends on the selected application – or on how it handles the data.
“We have not found any evidence that audio is leaving users’ devices. The only exception was the telemetry data from Cisco Webex – the company has since fixed this. But the fact is: even if the user presses the mute button, she still has access to the audio stream. As a user, you almost only trust that the app ‘behaves well’. The mute function – similar to activating or deactivating a webcam – should not be left to the app, but should be controlled either by the operating system or hardware,“ explains Kassem Fawaz, assistant professor at the University of Wisconsin-Madison.
In terms of the camera, however, it actually behaves in such a way that deactivation prevents the recording of videos. With regard to mute, however, the chosen browser can make a difference: “For Chrome, mute means mute – as far as Safari or Firefox are concerned, we have no information about that.“
The scientists’ report also focuses on trust in app manufacturers: for providers who act conscientiously and respect data protection, cybersecurity and compliance, the risk is minimal. Otherwise, users or companies could get into trouble.
You would do well to set the same standards for secret information and good behavior in terms of video conferences and video calls as in the real world. If it is forbidden to discuss certain details in the event of an imminent takeover, you should not do this in front of a microphone with outsiders – regardless of the status of the mute button. If it is about blasphemies or unpleasant remarks about colleagues, you should think about stopping this behavior anyway.
The cardinal rule of email security and compliance: Before you write a message, imagine that you are testifying about it in court. If you feel uncomfortable doing this, you should take your fingers off the keyboard. This rule can easily be extended to video conferences and calls. For example, I use an Apple Watch.
On normal days, she points out to me several times that she has not understood something or is looking for content on certain topics. Although this annoys like nothing good, it is also a highly effective reminder to take off the smartwatch before saying things that are not intended for the public.
You should also apply this pattern if you use devices or PCs – especially if you use video conferencing apps.
*Evan writes as a freelance writer and columnist for CBS News, RetailWeek and eWEEK, among others, as well as for our US sister publications Computerworld, CSO Online and CIO.com .