[Colloquium] TODAY, 10AM: Kassem Fawaz (Wisconsin) - Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps

Fri May 20 08:30:00 CDT 2022

*Department of Computer Science Seminar*

*Kassem Fawaz*
*Assistant Professor, Department of Electrical and Computer Engineering*
*University of Wisconsin-Madison*

*Friday, May 20*
*10:00 - 11:00 AM*
*In Person*: JCL 390
*Remote*: Zoom
<https://www.google.com/url?q=https://uchicagogroup.zoom.us/j/93983097604?pwd%3Dd3lHS1BrL1ExdnduczI1TWdndlA5dz09&sa=D&source=calendar&ust=1653150872851821&usg=AOvVaw0n7FwTYVenK5pteND-_qn->

*Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video
Conferencing Apps*

*Abstract*: In the post-pandemic era, video conferencing apps (VCAs) have
converted previously private spaces — bedrooms, living rooms, and kitchens
— into semi-public extensions of the office. And for the most part, users
have accepted these apps in their personal space, without much thought
about the permission models that govern the use of their personal data
during meetings. While access to a device’s video camera is carefully
controlled, little has been done to ensure the same level of privacy for
accessing the microphone. In this work, we ask the question: what happens
to the microphone data when a user clicks the mute button in a VCA? We
first conduct a user study to analyze users’ understanding of the
permission model of the mute button. Then, using runtime binary analysis
tools, we trace raw audio in many popular VCAs as it traverses the app from
the audio driver to the network. We find fragmented policies for dealing
with microphone data among VCAs — some continuously monitor the microphone
input during mute, and others do so periodically. One app transmits
statistics of the audio to its telemetry servers while the app is muted.
Using network traffic that we intercept en route to the telemetry server,
we implement a proof-of-concept background activity classifier and
demonstrate the feasibility of inferring the ongoing background activity
during a meeting — cooking, cleaning, typing, etc. We achieved 81.9% macro
accuracy on identifying six common background activities using intercepted
outgoing telemetry packets when a user is muted.

*Bio*: Kassem Fawaz <https://kassemfawaz.com/> is an Assistant Professor in
the Electrical and Computer Engineering department at the University of
Wisconsin–Madison. He earned his Ph.D. in Computer Science and Engineering
from the University of Michigan. His research interests include the
security and privacy of the interactions between users and connected
systems. He was awarded the Caspar Bowden Award for Outstanding Research in
Privacy Enhancing Technologies in 2019. He also received the National
Science Foundation CAREER award in 2020, Google Android Security and
PrIvacy REsearch (ASPIRE) award in 2021, and Facebook Research Award in
2021. His research is funded by the National Science Foundation, Federal
Highway Administration, and the Defense Advanced Research Projects. His
work on privacy has been featured in several media outlets, such as the
BBC, Wired, the Wall Street Journal, the New Scientist, and ComputerWorld.

*Host*: Ben Zhao

*Zoom*:
*https://uchicagogroup.zoom.us/j/93983097604?pwd=d3lHS1BrL1ExdnduczI1TWdndlA5dz09*
<https://www.google.com/url?q=https://uchicagogroup.zoom.us/j/93983097604?pwd%3Dd3lHS1BrL1ExdnduczI1TWdndlA5dz09&sa=D&source=calendar&ust=1653150872851821&usg=AOvVaw0n7FwTYVenK5pteND-_qn->

-- 
*Rob Mitchum*

*Associate Director of Communications for Data Science and Computing*
*University of Chicago*
*rmitchum at uchicago.edu <rmitchum at ci.uchicago.edu>*
*773-484-9890*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.uchicago.edu/pipermail/colloquium/attachments/20220520/74a095fe/attachment.html>