9

In case you don't know, there is a website called join.me which lets you do screen sharing from a browser, using a flash program that is on the web page.

Until I encountered this service, I had no idea that flash was able to do screen reading, as opposed to simpler tasks like using the web cam. But if it can do that, could it not also be recording keystrokes, storing all data from a session for someone's perusal, or the like?

Once you trust a website to provide a viewport into your company's computers' screens, who is to say that they will not be sharing details of the session? And given the nature of flash, who's to say that the session is really closed just because you close the browser window?

Kerbie
  • 101
  • 1
  • 1
  • 4

2 Answers2

6

While the "watching a screen" aspect of that site is pure flash, the screen sharing component is not. When you attempt to share your screen, it downloads an executable to install; an .exe on Windows, and a .pkg on Mac.

So, yes - it's a foreign binary with the capability to steal all of the data you mentioned and more; but the sharing isn't using flash, so your fears on its access to data outside of the browser are (thankfully) not the case.

Shane Madden
  • 536
  • 5
  • 8
1

An audit of the code behind Join.Me could provide much deeper insight as to whether things like keystrokes and things like that are recorded. How probable it is that you'd get to do that audit or have them let someone look at their code depends on the developers that were responsible for Join.Me.

However, here is my answer: given enough time and resources/effort, any system is capable of being compromised/hacked. The likelihood of such a hack is what you have to weigh when thinking about which service or vendor to use.

There is always risk involved, it's just about how many other mitigating factors you have in place to address the risk and then you either accept it and use the product/software or you don't.

Brad Bouchard
  • 628
  • 1
  • 5
  • 13