{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,22]],"date-time":"2025-05-22T16:06:43Z","timestamp":1747930003370,"version":"3.40.3"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031547751"},{"type":"electronic","value":"9783031547768"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-54776-8_8","type":"book-chapter","created":{"date-parts":[[2024,2,28]],"date-time":"2024-02-28T07:02:36Z","timestamp":1709103756000},"page":"190-216","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Security Analysis of\u00a0BigBlueButton and\u00a0eduMEET"],"prefix":"10.1007","author":[{"given":"Nico","family":"Heitmann","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hendrik","family":"Siewert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sven","family":"Moog","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juraj","family":"Somorovsky","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,2,29]]},"reference":[{"key":"8_CR1","unstructured":"8x8, Inc., Vulnerability Disclosure Program Policy (2023). https:\/\/hackerone.com\/8x8"},{"key":"8_CR2","unstructured":"Ahmed, M.: Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom (2020). https:\/\/mazinahmed.net\/blog\/hacking-zoom\/"},{"key":"8_CR3","unstructured":"Altpeter, B.: RCE in Jitsi Meet Electron prior to 2.3.0 due to insecure use of shell.openExternal() (CVE-2020-25019) (2020). https:\/\/benjamin-altpeter.de\/jitsi-meet-electron-rce-shell-openexternal\/"},{"key":"8_CR4","unstructured":"Anthony, T.: Zoom Security Exploit - Cracking private meeting passwords (2020). https:\/\/www.tomanthony.co.uk\/blog\/zoom-security-exploit-crack-private-meeting-passwords\/"},{"key":"8_CR5","unstructured":"Th\u00e9venet, A.: France digital strategy for education supports the use of digital commons (2023). https:\/\/joinup.ec.europa.eu\/collection\/open-source-observatory-osor\/news\/france-digital-strategy-education-2"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Begen, A.C., Kyzivat, P., Perkins, C., Handley, M.J.: SDP: Session Description Protocol. RFC 8866 (Proposed Standard) (2021). https:\/\/www.rfc-editor.org\/rfc\/rfc8866.txt","DOI":"10.17487\/RFC8866"},{"key":"8_CR7","unstructured":"BigBlueButton. French Ministry of Education chooses BigBlueButton (2023). https:\/\/bigbluebutton.org\/2023\/01\/11\/french-ministry-of-education-chooses-bigbluebutton\/"},{"key":"8_CR8","unstructured":"Bostr\u00f6m, H., Jennings, C., Castelli, F., Bruaroey, J-I.: WebRTC: Real-time communication in browsers. W3C recommendation, W3C (2023). https:\/\/www.w3.org\/TR\/2023\/REC-webrtc-20230306\/"},{"key":"8_CR9","unstructured":"Br\u00e4unlein, F.: MS Teams: 1 feature, 4 vulnerabilities (2021). https:\/\/positive.security\/blog\/ms-teams-1-feature-4-vulns"},{"key":"8_CR10","unstructured":"B\u00f6ck, H.: File Exfiltration via Libreoffice in BigBlueButton and JODConverter (2020). https:\/\/blog.hboeck.de\/archives\/902-File-Exfiltration-via-Libreoffice-in-BigBlueButton-and-JODConverter.html"},{"key":"8_CR11","unstructured":"Castillo, I.B.: mediasoup v3 Design (2020). https:\/\/mediasoup.org\/documentation\/v3\/mediasoup\/design\/"},{"key":"8_CR12","unstructured":"Davis, R.: Zoom\u2019s Bug Bounty Program: 2021 in Review (2022). https:\/\/blog.zoom.us\/zoom-bug-bounty-program-2021\/"},{"key":"8_CR13","unstructured":"Kasak, D., Callahan, D., Hodgson, M.: Practically-exploitable Cryptographic Vulnerabilities in Matrix (2022). https:\/\/matrix.org\/blog\/2021\/09\/13\/vulnerability-disclosure-key-sharing"},{"key":"8_CR14","unstructured":"Fratric, I.: XMPP Stanza Smuggling or How I Hacked Zoom (2022). https:\/\/i.blackhat.com\/USA-22\/Thursday\/US-22-Fratric-XMPP-Stanza-Smuggling.pdf"},{"key":"8_CR15","unstructured":"G\u00c9ANT. Build Your Own eduMEET Service (2020). https:\/\/web.archive.org\/web\/20200416162612\/https:\/\/edumeet.org\/build\/"},{"key":"8_CR16","unstructured":"heise online. Rheinland-Pfalz: Schulen d\u00fcrfen Microsoft-Software Teams nicht mehr nutzen [Rhineland-Palatinate: Schools no longer allowed to use Microsoft Teams] (2022). https:\/\/www.heise.de\/news\/Rheinland-Pfalz-Schulen-duerfen-Microsoft-Software-Teams-nicht-mehr-nutzen-7154309.html"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Jones, M.B., Bradley, J., Sakimura, N.: JSON Web Token (JWT). RFC 7519 (Proposed Standard) (2015). https:\/\/www.rfc-editor.org\/rfc\/rfc7519.txt. Updated by RFCs 7797, 8725","DOI":"10.17487\/RFC7519"},{"key":"8_CR18","unstructured":"Keegan, R.: Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection (2020). https:\/\/medium.com\/@keegan.ryan\/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d"},{"key":"8_CR19","unstructured":"Kelly, S.M.: Zoom\u2019s massive \u2019overnight success\u2019 actually took nine years. CNN (2020). https:\/\/edition.cnn.com\/2020\/03\/27\/tech\/zoom-app-coronavirus\/index.html"},{"key":"8_CR20","unstructured":"Kinugawa, M.: Discord Desktop app RCE (2020). https:\/\/mksben.l0.cm\/2020\/10\/discord-desktop-rce.html"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Ling, C., Balci, U., Blackburn, J., Stringhini, G.: A first look at Zoombombing. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1452\u20131467 (2021). https:\/\/ieeexplore.ieee.org\/document\/9638984","DOI":"10.1109\/SP40001.2021.00061"},{"key":"8_CR22","unstructured":"Marczak, B., Scott-Railton, J.: Move fast and roll your own crypto - a quick look at the confidentiality of zoom meetings (2020). https:\/\/citizenlab.ca\/2020\/04\/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings\/"},{"key":"8_CR23","unstructured":"Martin, T., Radzio, M., Sharma, K.: Matrix concepts (2023). https:\/\/matrix.org\/docs\/matrix-concepts"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Celi, S., Dowling, B., Jones, D.: Practically-exploitable Cryptographic Vulnerabilities in Matrix (2022). https:\/\/nebuchadnezzar-megolm.github.io\/static\/paper.pdf","DOI":"10.1109\/SP46215.2023.10351027"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"McGrew, D., Rescorla, E.: Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). RFC 5764 (Proposed Standard) (2010). https:\/\/www.rfc-editor.org\/rfc\/rfc5764.txt. Updated by RFCs 7983, 9443","DOI":"10.17487\/rfc5764"},{"key":"8_CR26","unstructured":"Meyer, K.: G\u00c9ANT eduMEET service launched early to support communication needs during the COVID-19 lockdown (2020). https:\/\/connect.geant.org\/2020\/06\/16\/geant-edumeet-service-launched-early-to-support-communication-needs-during-the-covid-19-lockdown"},{"key":"8_CR27","unstructured":"Nettleton, R.: BigBlueButton (2010). https:\/\/web.archive.org\/web\/20100814003302\/https:\/\/edc.carleton.ca\/blog\/index.php\/2010\/06\/04\/bigbluebutton\/"},{"key":"8_CR28","unstructured":"s1r1us and TheGrandPew. Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass - CVE-2022-23597 (2022). https:\/\/blog.electrovolt.io\/posts\/element-rce\/"},{"key":"8_CR29","unstructured":"Sakimura, N., Bradley, J., Jones, M.B., de Medeiros, B., Mortimore, C.: OpenID Connect Core 1.0. OpenID Foundation (2014). https:\/\/openid.net\/specs\/openid-connect-core-1_0-final.html"},{"key":"8_CR30","unstructured":"Schreiber, P., Hoffman-Andrews, J., Grauer, Y.: Videoconferencing Guide (2020). https:\/\/videoconferencing.guide\/"},{"key":"8_CR31","unstructured":"Sector7. Zoom RCE from Pwn2Own 2021 (2021). https:\/\/sector7.computest.nl\/post\/2021-08-zoom\/"},{"key":"8_CR32","unstructured":"Silvanovich, N.: Adventures in Video Conferencing Part 1: The Wild World of WebRTC (2018). https:\/\/googleprojectzero.blogspot.com\/2018\/12\/adventures-in-video-conferencing-part-1.html"},{"key":"8_CR33","unstructured":"Silvanovich, N.: Adventures in Video Conferencing Part 2: Fun with FaceTime (2018). https:\/\/googleprojectzero.blogspot.com\/2018\/12\/adventures-in-video-conferencing-part-2.html"},{"key":"8_CR34","unstructured":"Silvanovich, N.: Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp (2018). https:\/\/googleprojectzero.blogspot.com\/2018\/12\/adventures-in-video-conferencing-part-3.html"},{"key":"8_CR35","unstructured":"Silvanovich, N.: Adventures in Video Conferencing Part 4: What Didn\u2019t Work Out with WhatsApp (2018). https:\/\/googleprojectzero.blogspot.com\/2018\/12\/adventures-in-video-conferencing-part-4.html"},{"key":"8_CR36","unstructured":"Silvanovich, N.: Adventures in Video Conferencing Part 5: Where Do We Go from Here? (2018). https:\/\/googleprojectzero.blogspot.com\/2018\/12\/adventures-in-video-conferencing-part-5.html"},{"key":"8_CR37","unstructured":"Silvanovich, N.: Zooming in on Zero-click Exploits (2022). https:\/\/googleprojectzero.blogspot.com\/\/2022\/01\/zooming-in-on-zero-click-exploits.html"},{"key":"8_CR38","unstructured":"Reuters Staff. Google bans Zoom software from employee laptops. REUTERS (2020). https:\/\/www.reuters.com\/article\/us-google-zoom-idUSKCN21Q32V"},{"key":"8_CR39","unstructured":"Sudhodanan, A., Paverd, A.: Pre-hijacked accounts: an empirical study of security failures in user account creation on the web. In: Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022), pp. 1795\u20131812, Boston, MA (2022). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/sudhodanan"},{"key":"8_CR40","unstructured":"Thodupunoori, R.: Part-1 Dive into Zoom Applications (2021). https:\/\/rakesh-thodupunoori.medium.com\/part-1-dive-into-zoom-applications-d70f3de53ec5"},{"key":"8_CR41","unstructured":"Thodupunoori, R.: Part 2: Dive into Zoom Applications (2021). https:\/\/rakesh-thodupunoori.medium.com\/part-2-dive-into-zoom-applications-1b01091345c1"},{"key":"8_CR42","doi-asserted-by":"publisher","first-page":"2633","DOI":"10.3390\/electronics11162633","volume":"11","author":"C Tudor","year":"2022","unstructured":"Tudor, C.: The Impact of the COVID-19 pandemic on the global web and video conferencing SaaS market. Electronics 11, 2633 (2022)","journal-title":"Electronics"},{"key":"8_CR43","unstructured":"Vegeris, O.: \u201cImportant, Spoofing\" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams (2020). https:\/\/github.com\/oskarsve\/ms-teams-rce"},{"key":"8_CR44","unstructured":"Vela, E.: Zoom: XSS in Zoom.us Signup Flow (2020). https:\/\/github.com\/google\/security-research\/security\/advisories\/GHSA-fpgp-vrmv-v8f2\/"},{"key":"8_CR45","unstructured":"Vengattil, M., Roulette, J.: Elon Musk\u2019s SpaceX bans Zoom over privacy concerns -memo. REUTERS (2020). https:\/\/www.reuters.com\/article\/us-spacex-zoom-video-commn-idUSKBN21J71H"},{"key":"8_CR46","unstructured":"Website of the conference of ministers of education (Kultusministerkonferenz). Digitale Lernangebote [Digital Learning Tools] (2023). https:\/\/www.kmk.org\/themen\/bildung-in-der-digitalen-welt\/distanzlernen.html"},{"key":"8_CR47","unstructured":"Wittmann, L.: Visavid - Datensicherheit im Warteraum [Visavid - Data Security in the Waiting Room]. Medium (2021). https:\/\/lilithwittmann.medium.com\/visavid-datensicherheit-im-warteraum-77c184c1d58a"},{"key":"8_CR48","unstructured":"Zoom Video Communications, Inc., Vulnerability Disclosure Policy (2021). https:\/\/www.zoomgov.com\/docs\/en-us\/vulnerability-disclosure-policy.html"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-54776-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,5]],"date-time":"2024-03-05T16:16:38Z","timestamp":1709655398000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-54776-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031547751","9783031547768"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-54776-8_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"29 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 March 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/wp.nyu.edu\/acns2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"230","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"54","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4-6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}