If you use Cisco WebEx to meet with people, you should be aware that it will phone home audio telemetry according to some research performed on the most popular conferencing apps out there and reported by The Register. And muting the app has zero effect on this:
Among the apps studied — Zoom (Enterprise), Slack, Microsoft Teams/Skype, Cisco Webex, Google Meet, BlueJeans, WhereBy, GoToMeeting, Jitsi Meet, and Discord — most presented only limited or theoretical privacy concerns. The researchers found that all of these apps had the ability to capture audio when the mic is muted but most did not take advantage of this capability. One, however, was found to be taking measurements from audio signals even when the mic was supposedly off. “We discovered that all of the apps in our study could actively query (i.e., retrieve raw audio) the microphone when the user is muted,” the paper says. “Interestingly, in both Windows and macOS, we found that Cisco Webex queries the microphone regardless of the status of the mute button.” They found that Webex, every minute or so, sends network packets “containing audio-derived telemetry data to its servers, even when the microphone was muted.”
This telemetry data is not recorded sound but an audio-derived value that corresponds with the volume level of background activities. Nonetheless, the data proved sufficient for the researchers to construct an 82 per cent accurate background activity classifier to analyze the transmission and infer the likely activity among six possibilities — e.g. cooking, cleaning, typing, etc. — in the room where the app is active. Worse still from a security standpoint, while other apps encrypted their outgoing data stream before sending it to the operating system’s socket interface, Webex did not. “Only in Webex were we able to intercept plaintext immediately before it is passed to the Windows network socket API,” the paper says, noting that the app’s monitoring behavior is inconsistent with the Webex privacy policy. The app’s privacy policy states Cisco Webex Meetings does not “monitor or interfere with you your [sic] meeting traffic or content.”
Well, clearly what is in their privacy policy is at best inconsistent with what they actually do. And at worst it’s a lie. But don’t worry, Cisco “fixed” this after it was pointed out to them:
Cisco told The Register that it altered Webex after the researchers got in touch so that it no longer transmits microphone telemetry data.
“Cisco is aware of this report, and thanks the researchers for notifying us about their research,” said a Cisco spokesperson. “Webex uses microphone telemetry data to tell a user they are muted, referred to as the ‘mute notification’ feature. Cisco takes the security of its products very seriously, and this is not a vulnerability in Webex.”
No it’s not a vulnerability. But it’s pretty bad from an optics standpoint and from a trust standpoint. Hopefully they don’t have anything else in their products that someone can trip over and call them out on. Because that’s won’t end well from a PR standpoint.
Digital Experience A Make-Or-Break For Wearable Tech In Canada: Report
Posted in Commentary with tags Cisco on May 6, 2022 by itnerdThere’s been substantial growth in the consumer medical devices market in recent years – 320 million consumer medical wearables will ship globally in 2022 (according to Deloitte). These range from heart rate monitors that can be used to detect heart disease and long COVID, to bracelets which aid ovulation prediction and conception. Now, consumers are incorporating this technology in their daily lives to improve their overall health and wellbeing.
In a new study of more than 12,000 consumers globally, including Canada, Cisco AppDynamics uncovered how quickly consumers are adopting this technology, the level of trust they have when allowing third parties to handle their data, and their expectations for incredible digital experiences when using these services.
The results show a booming industry, with consumers keen to realize a range of health and wellbeing benefits. But at the same time their expectations for flawless digital experiences are higher than ever. One bad digital experience could be the make-or-break moment in a technology failing to reach its full potential.
Key Canadian takeaways from the report include:
There is a lot more detail on this report which you can find here.
Leave a comment »