Skip to main content

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain. Default settings are often to blame. For example, a mobile photography app or camera may embed GPS data by default.

Some people may find this useful; quite a few more may object to it as a creepy privacy invasion.

Well, that's metadata. Now you have an idea what kind of things can lurk without knowledge. We can see what happens when we deliberately enable a data / tagging related function.

Watermarking: what's the deal?

An interesting story has recently emerged on The Intercept, of voluntary data (in the form of watermarks) wrapped into Zoom recordings, which could cause headaches in unexpected ways. Watermarks aren't hidden—they're right there by design, if people choose to use them. And the visual side of this data is supposed to be viewable during the call.

The Intercept talks about accidental identity reveals, via data embedded into calls, in relation to the ever-present videoconferencing tool. You'd be forgiven for thinking the identity reveal referenced in the article had something to do with the watermarks, but no.

The reveal happened because someone recorded a video call and dropped it online, with participant's faces on display. The people involved appear to be at least reasonably well known. The secret identity game was up regardless of what was under the hood.

Cause and effect

What the rest of the article is about, is theorising on the ways embedded metadata could cause issues for participants. Zoom allows for video and audio watermarking, with video of course being visual and so easier to spot. Video displays a portion of a user's email address when someone is sharing their screen. Audio embeds the information of anyone recording the call into the audio, and Zoom lets you know who shared it. You must ask Zoom to do this, and the clip has to be more than 2 minutes in length.

Essentially, video watermarking is to help you know who is sharing and talking during the call. Audio watermarking is to allow you to figure out if someone is sharing without permission. The Intercept explores ways this could cause problems where confidentiality is a concern.

Some identity caveats

If Zoom content is shared online without permission, it may not matter much if revealing metadata is included, unless the video call is audio only. This is because people can be easy to identify visually. Is a public figure of some sort involved? The game is already lost. If they're not normally a public facing persona, people could still find them via reverse image search or other matching tools. And if they can't, a well-known location, or a name-badge, could give them away. There are so many variables at work, only the participants may know for sure.

Hunting the leaker: does it matter?

While the other concern of identifying the leaker is still important, your mileage may vary in terms of how useful it is, versus how much of an inadvertent threat it presents. It's possible the leaker may not care much if they're revealed. They may have used a fake identity, or even compromised a legitimate account in order to do the leaking.

It's also possible that someone with a grudge could leak something then pretend they'd been compromised. If this happened, would you have a way of being able to determine the truth of the matter? Or would you simply take their word for it?

Weighing up the risk

All good questions, and a valuable reminder to consider which videoconferencing tools you want to make use of. For some organisations and individuals, there's a valid use for the metadata dropped into the files. For others, it might be safer on balance to leave them out. It might even be worth using a virtual background instead of something which reveals personal information. It might be worth asking if you even need video at all, depending on sensitivity of call.

The choice, as always, is yours.

The post Zoom watermarking: pros and cons appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

Maltrail - Malicious Traffic Detection System

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. https://ift.tt/1O9qs2Q for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware). Requirements: To properly run the Maltrail, Python 2.6.x or 2.7.x is required, together with pcapy (e.g. sudo apt-get install python-pcapy). There are no other requirements, other than to run the Sensor component with the administrative/root privileges. The following (black)lists (i.e. feeds) are being ...
Read more