Some academic researchers reported and warned that the Webex video-conferencing application owned by Cisco, and others, still monitor users’ microphone devices even if they have muted it from their end. The researchers also added that the telemetry data that the application transmits to user servers could be used to identify background activities happening from the participant’s location.
The issue concerns the researchers since it shows a false sense of privacy for the meeting participants. Since many people mute their video-conferencing applications not to be heard by others during a meeting, the system can still detect noise from a muted individual.
The study also discovered that the microphone-muting mechanism in video-conferencing apps (VCA) such as Webex is application-dependent, and there is no physical indicator to inform the users if their mic is muted.
With the help of a proof-of-concept background activity, the researchers were able to identify samples of common background activities through the telemetry packets that the video-conferencing apps send, even if a participant muted themselves.
Furthermore, other popular VCAs aside from the Cisco Webex were also tested by the researchers, including Google Meet, Discord, Skype, MS Team, and Zoom, which they found out that these applications could all actively monitor a user’s microphone despite being muted.
The research also explained that native applications run differently from web-based versions, especially for unsupported platforms that request microphone access via a web browser.
Most VCAs running on Windows and macOS can inspect if users make noise, even if their mics are muted. However, they do not sample audios similar to how they do when a user is unmuted. On the other hand, the web-based counterparts of the VCAs cut off microphone data upon users muting their mics.
Out of all the VCAs tested by academic researchers, the Cisco Webex is the only one that continuously samples user audios despite muting. The app’s audio buffer also has raw audio from the user’s microphone.
The researchers are concerned about the false privacy the VCA displays, especially that its users are unaware of being heard even if they turned off their mics during a call. Thus, upon learning of the concern, Cisco released a statement, clarifying that the audio data Webex collects is limited only to the app’s audio setting.
The firm also added that the researchers had detected audio settings data like volume and gain, and not the voices or sounds coming from the participants. The collected data was meant for user experience support and troubleshooting.
Since the concern had bothered researchers and users alike, Cisco confirmed last January that their Webex application had stopped collecting the audio settings data related to user support and troubleshooting as the users muted their mics. For further issues and concerns associated with their devices, Cisco welcomes its users to communicate with them and appreciates the input they receive to improve their products and services.