BGU researchers find it's easy to get personal data from Zoom screenshots

Scientists warn that users should not post screen images of their video conference sessions on social media

Members of the city commission to prevent the spread of coronavirus disease (COVID-19) vote during a meeting via Zoom video link in Lviv, Ukraine March 26, 2020. (photo credit: REUTERS/ROMAN BALUK)
Personal data can easily be extracted from Zoom and other video conference applications, researchers from Ben-Gurion University of the Negev announced today.
The Israeli researchers examined Zoom, Microsoft Teams and Google Meet and warned that users should not post screen images of their video conference sessions on social media as it was easy to identify people from these shots.
“The findings in our paper indicate that it is relatively easy to collect thousands of publicly available images of video conference meetings and extract personal information about the participants, including their face images, age, gender, and full names,” said Dr. Michael Fire, BGU Department of Software and Information Systems Engineering (SISE).
He added that “this type of extracted data can vastly and easily jeopardize people’s security and privacy, affecting adults as well as young children and the elderly.”
The researchers found that it is possible to extract private information from collage images of meeting participants posted on Instagram and Twitter. They used image processing and text recognition tools, as well as social network analysis, to explore a dataset of more than 15,700 collage images and more than 142,000 face images of meeting participants.
Artificial intelligence-based image-processing algorithms helped identify the same individual’s participation at different meetings by simply using either face recognition or other extracted user features like the image background.
The researchers were able to spot faces 80% of the time as well as detect gender and estimate age. Free web-based text recognition libraries allowed the BGU researchers to correctly determine nearly two-thirds of usernames from screenshots.
The researchers identified 1,153 people who likely appeared in more than one meeting, as well as networks of Zoom users in which all the participants were coworkers.
“This proves that the privacy and security of individuals and companies are at risk from data exposed on video conference meetings,” according to the research team, which also includes BGU SISE researchers Dima Kagan and Dr. Galit Fuhrmann Alpert.
Additionally, the researchers offered a number of recommendations on how to prevent privacy and security attacks. These include not posting video conference images or sharing videos online; using generic pseudonyms like “iZoom” or “iPhone” rather than a unique username or real name; and using a virtual background rather than a real one, since a real background can help fingerprint a user account across several meetings.
The team also advised video conferencing operators to augment their platforms with a privacy mode, such as applying filters or adding Gaussian noise to an image, which can disrupt facial recognition while keeping the face still recognizable.
“Since organizations are relying on video conferencing to enable their employees to work from home and conduct meetings, they need to better educate and monitor a new set of security and privacy threats,” Fire added. “Parents and children of the elderly also need to be vigilant, as video conferencing is no different than other online activity.”