If your employees are logged into your work network on personal devices, odds are good that they are using chat apps across that network. These types of apps have become one of the primary modes of communication, and most of us have at least one chat app on our phones or tablets.
Recently, vulnerabilities were uncovered within many popular chat apps including Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. These vulnerabilities allowed attackers to listen in on private conversations, without the users’ permission or even their awareness.
These vulnerabilities pose a danger for two reasons: First, any access point to your network could translate into access to the entire network. If an app is compromised, every device on your network is also compromised. Second, if employees discuss work matters across these apps, there is obvious potential for hackers to access sensitive information.
According to an engineer at Google’s Project Zero, “On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent.” Theoretically, such an attack could be used to listen in on workplace happenings, which could occasionally prove problematic.
These security vulnerabilities have already been patched, but the issue points our attention to a potential problem: Consider carefully whether you wish to allow employees to use personal devices at work, and to what extent they should be allowed to access your private network. It would also be wise to revisit your workplace guidelines on employees using chat apps to discuss sensitive information. Set clear expectations along with consequences for putting data at risk.
For more information on securing your network, give us a call at 888-RING-MY-TECH. We can assess your entire network and safety protocol, and make recommendations to keep your information secure.
