How iMind protects data from videoconferencing leaks
Let's list the causes of data leaks and explain how iMind protects organizations from them. How can an attacker spy and eavesdrop on a video conference, or read the chat? There are 2 main ways:
- Enter through the back door: intercept video and chat with hacking tools, without you knowing
- Enter through the front door: log in as one of the employees, then view conference recordings or eavesdrop on online conversations, for example, by connecting without video
A data leak can turn into a loss of money and customer trust. Some cases of data leaks: Sony in 2011 and a lawsuit for $400,000, the French film company Pathe and 19 million euros.
How does iMind protect users? Methods 1-3 for the back door and 4-6 for the front door.
1. We transfer data over a secure channel - DTLS
iMind is built on WebRTC technology. WebRTC uses the browser to deliver video and audio. The DTLS protocol is built into browsers. It encrypts the data channel and makes interception very difficult.
Let's say I write you a letter. If I send it by mail, it is not difficult to open the envelope and read or change the letter. But if I hire an armored cash collection vehicle with guards, that becomes much more difficult.
2. We encrypt the data itself - AES-256 encryption
Even if someone manages to intercept the data, it is encrypted. The person who stole the letter from the cash collectors must know the code or guess it in order to read it.
How we make sure the code does not become known to someone else, that is, that nobody logs in as you, is covered in paragraphs 3-5.
Guessing the code to data encrypted with 256-bit AES is considered a task at the level of intelligence agencies. This one-page (A4) article on AES-256 explains why AES is the US Government encryption standard.
AES is built into WebRTC. If the developer of the video conference has enabled this encryption, all data is transmitted encrypted. In addition, iMind supports the highest encryption strength available in WebRTC - 256-bit.
Overcoming AES and DTLS is difficult. It is much easier to find out or crack the password. They say most hacker attacks come from the password sticker on the secretary's monitor. Here's what iMind does to make sure this doesn't happen to you.
3. We do not force you to install software
Installing any applications on a computer or smartphone is not safe. Potential vulnerabilities can be found even in the most advanced software. That's why iMind has 2 versions: a desktop version that you have to download and install, and a web version that you don't have to download. If you are working on a computer where losing data would be a tragedy, do not risk it: use the web version. The consequences of using the downloadable version are your responsibility.
4. We do not store passwords
You don't need a password to log in to iMind. Keeping a password on a server gives attackers an opportunity to hijack your account. Even such large and secure providers as Yahoo are hacked. If you still want to use a password, log in through Google; then Google is responsible for security.
5. We use one-time keys
Instead of a password, we send a login code to your email. SMS is more convenient, but intercepting SMS is now easier than hacking an email account. An example of how simple it is can be found on Habr.
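The passwordless login from points 4 and 5, sketched as an added example (not iMind's code): the server issues a random code, keeps only a keyed hash of it, and accepts it once within a time limit. The class name `LoginCodes`, the 6-digit format, the 10-minute lifetime, the 5-attempt limit and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600        # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 5      # assumed limit on wrong guesses per issued code


class LoginCodes:
    """Hypothetical in-memory store; only a keyed hash of each code is kept."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)   # server-side HMAC key
        self._pending = {}                    # email -> [digest, expires_at, attempts_left]
        self._clock = clock

    def _digest(self, email, code):
        # Binding the email into the hash stops a code being used for another account.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email):
        """Create a fresh 6-digit code for this address, replacing any older one."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self._pending[email] = [self._digest(email, code),
                                self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code   # handed to the mail sender, never stored in clear

    def verify(self, email, code):
        """Return True once for the right code; expired or exhausted codes are dropped."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]
            return False
        if hmac.compare_digest(digest, self._digest(email, code)):
            del self._pending[email]          # single use: a replay finds nothing
            return True
        entry[2] -= 1                         # count the wrong guess
        return False
```

A short numeric code is only safe together with the attempt limit and expiry: without them, the one million possible values can simply be tried in turn.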
6. We show those who “knock” on the conference
Read more about the waiting room feature in the next article.