The “mute” option is seemingly helping many people today using video conferencing apps for online meetings. However, contrary to what users believe, researchers explain that this option doesn’t function as claimed. Though it stops users’ voices from being transmitted to other users online, it doesn’t prevent the app from listening to your voice.
The Problematic “Mute” Option In Video Conferencing Apps
Researchers from the University of Wisconsin-Madison and the Loyola University Chicago have recently disclosed how the video conferencing apps may keep listening even after turning the “Mute” option on.
Specifically, one of the researchers’ brother noticed some video conferencing apps kept accessing his iPhone’s mic even after enabling mute. This observation triggered the entire study, compelling the researchers to investigate the phenomenon in the background.
In brief, the researchers surveyed over 200 video conferencing apps (223 in precise) to know how users perceive the mute button functionality. Many users believed that enabling the mute option makes the apps hold their access to the device microphone. Thus, users perceive that the apps do not collect data during this period.
However, the researchers then moved on to the detailed binary analysis of some popular apps, only to find the opposite. Precisely, they discovered that some apps not only continued accessing the microphone even when muted but also collected data.
The apps that the team studied include Zoom, Slack, Microsoft Teams/Skype, Cisco, Webex, Google Meet, Discord, BlueJeans, GoToMeeting, Whereby, and Jitsi Meet. Fawaz et al. analyzed these apps across different operating systems (Windows, macOS, and Linux) to see how the native and web apps handle permissions to the device mic.
In short, they deduced that intercepting the audio traffic between the user device and the app server may result in a privacy breach. As stated in their research paper,
Using network traffic that we intercept en route to the telemetry server, we implement a proof-of-concept background activity classifier and demonstrate the feasibility of inferring the ongoing background activity during a meeting — cooking, cleaning, typing, etc.
Findings And Study Limitations
But it doesn’t make Webex the only culprit; the other apps also keep doing the same either intermittently or regularly.
The researchers have also mentioned some limitations of their study which restrict the generalization of this concept. For instance, the binary analysis technique they used didn’t apply to all VCA, particularly those that encrypt outgoing streams. Likewise, their study didn’t include the impact of room acoustics on the microphone.
The researchers have shared their findings in a detailed research paper, which they will present at the upcoming Privacy Enhancing Technologies Symposium in July 2022.
Cisco’s Response Regarding Webex Behavior
According to Bleeping Computer, Cisco has clarified the Webex behavior regarding the microphone data collection. Their statement reads,
Cisco is aware of this report, and thanks the researchers for notifying us about their research.
Webex uses microphone telemetry data to tell a user they are muted, referred to as the “mute notification” feature.
Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex.
In January 2022, Cisco changed the feature to no longer transmit microphone telemetry data.
Let us know your thoughts in the comments.