Security Analysis of BigBlueButton and eduMEET
N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.
Download
No fulltext has been uploaded.
Conference Paper
| Published
| English
Author
Department
Abstract
Video conferencing systems have become an indispensable part of our world. Using video conferencing systems implies the expectation that online meetings run as smoothly as in-person meetings. Thus, online meetings need to be just as secure and private as in-person meetings, which are secured against disruptive factors and unauthorized persons by physical access control mechanisms.
To show the security dangers of conferencing systems and raise general awareness when using these technologies, we analyze the security of two widely used research and education open-source video conferencing systems: BigBlueButton and eduMEET. Because both systems are very different, we analyzed their architectures, considering the respective components with their main tasks, features, and user roles. In the following systematic security analyses, we found 50 vulnerabilities. These include broken access control, NoSQL injection, and denial of service (DoS). The vulnerabilities have root causes of different natures. While BigBlueButton has a lot of complexity due to many components, eduMEET, which is relatively young, focuses more on features than security. The sheer amount of results and the lack of prior work indicate a research gap that needs to be closed since video conferencing systems continue to play a significant role in research, education, and everyday life.
Publishing Year
Proceedings Title
Applied Cryptography and Network Security
Conference Location
Abu Dhabi
Conference Date
2024-03-05 – 2024-03-08
LibreCat-ID
Cite this
Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton and eduMEET. In: Applied Cryptography and Network Security. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8
Heitmann, N., Siewert, H., Moog, S., & Somorovsky, J. (2024). Security Analysis of BigBlueButton and eduMEET. Applied Cryptography and Network Security. https://doi.org/10.1007/978-3-031-54776-8_8
@inproceedings{Heitmann_Siewert_Moog_Somorovsky_2024, place={Cham}, title={Security Analysis of BigBlueButton and eduMEET}, DOI={10.1007/978-3-031-54776-8_8}, booktitle={Applied Cryptography and Network Security}, publisher={Springer Nature Switzerland}, author={Heitmann, Nico and Siewert, Hendrik and Moog, Sven and Somorovsky, Juraj}, year={2024} }
Heitmann, Nico, Hendrik Siewert, Sven Moog, and Juraj Somorovsky. “Security Analysis of BigBlueButton and EduMEET.” In Applied Cryptography and Network Security. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-54776-8_8.
N. Heitmann, H. Siewert, S. Moog, and J. Somorovsky, “Security Analysis of BigBlueButton and eduMEET,” Abu Dhabi, 2024, doi: 10.1007/978-3-031-54776-8_8.
Heitmann, Nico, et al. “Security Analysis of BigBlueButton and EduMEET.” Applied Cryptography and Network Security, Springer Nature Switzerland, 2024, doi:10.1007/978-3-031-54776-8_8.
Link(s) to Main File(s)
Access Level
Closed Access