When the COVID-19 pandemic brought the world to a screeching halt in March 2020, businesses and schools bounced back first and foremost in online meetings and remote learning. Most of these meetings were held at Zoom, a virtual meeting forum, and a video conferencing site.
Although things at first seemed fine, several security challenges with Zoom began to emerge that concerned both business and individual users. In this article, I will discuss the most common security issues with Zoom and some tips regarding Zoom security.
Zoom-Bombing:
Increased remote working environment and dependency on Zoom have led to a wave of mischief-makers falling into unsafe Zoom meetings to play offensive content, such as pornography, through Zoom’s screen-sharing feature. They are often sexually abusive and threatening to reach participants using vulgar or racist words. These acts, termed “Zoom-bombing,” have gradually increased in the last few months.
On March 30, the FBI issued a warning after receiving several reports of the Zoom-bombers being attacked. The Agency issued its own collection of protective measures to defend against zoom-bombing, a page for reporting teleconference hijacking incidents, and a page for reporting unique threats received during one of these incidents.
Zoom is not end-to-end encrypted:
Another issue is that Zoom is a relatively young company founded in 2011 that has experienced some increasing stress related to security. In March 2020, the company was widely criticised for a controversial claim that it supported end-to-end videoconference encryption. As is widely used the term refers to the sharing of encrypted content between two end-users in such a way that it cannot be decrypted when in transit, not even by the organisation controlling the servers through which it passes. For example, as Apple explains concerning iMessage and FaceTime, “there is no way for Apple to decrypt the content of your conversations when they’re in transit between devices.”
The Zoom approach was different. According to the March article in The Intercept, Zoom was simply using transport encryption, which is different from end-to-end encryption, since the Zoom service itself would access the unencrypted video and audio content of the Zoom meetings. So, video and audio content will remain private from someone spying on your Wi-Fi when you have a Zoom meeting, but it will not stay private from the company. While Zoom subsequently revealed that it was working on new software that would allow it to implement end-to-end encryption, the fact that uncertainty has occurred at all on this point is security related.
Zoom’s Vulnerabilities:
Three days after the investigation by the Motherboard found that the iOS app from Zoom was sending analytics data to Facebook, Zoombombers targeted business meetings and raunchy email, audio, and images in classrooms. These journeys were only the beginning.
The month of April 2020 turned out to be a tough one for Zoom. From day one, allegations of leaked e-mail addresses and customer data available on the Dark Web were widespread.
Zoom responded immediately, improving security by establishing “waiting rooms” for safe access to classrooms and meetings. However, the effort was too little too late as far as most school districts were concerned. Many schools had discarded Zoom and adopted Google Meet to prevent significant breaches of the privacy of their students. Yet, Zoom sought to fix and overcome their overwhelming security concerns (as any company willing to protect its market share would have done).
Zoom keystroke snooping:
Researchers in Texas and Oklahoma have revealed that it is possible to say what someone is typing during a Zoom call only by watching their shoulders and arms.
Using a computer, the research team was able to find people’s passwords up to 75% of the time depending on the resolution of the camera, and whether the subject was wearing a sleeved shirt or long hair.
Any kind of video conferencing tool could be used for this, the researchers said, as could YouTube videos or streaming services like Twitch.
Zoom’s Security Tips:
Zoom has grown in the last few months, from 10 million meeting participants in December to more than 200 million as of today. With this rise in use, the security of Zoom has been brought to light. If you are worried about Zoom is safe to use, the answer is that it depends on a few factors, but using a few safety tips, you can keep your online conferences safe and secure.
- Do not use the (single personal meeting ID for all meetings, instead use the randomly generated ID for each meeting. Create separate passwords for each meeting to be secured.
- Always enable the “Waiting Room” feature before you start a meeting. Zoom has a feature called “Waiting Room” that allows you to control when a participant enters the meeting. As a host, you can either accept the attendees one by one or keep all the attendees in the waiting room and accept them all at once.
- Disable “join before host” to prevent attendees from joining the Zoom meeting before the host. This is crucial because, with this setup, the first attendee who enters the meeting will automatically become the host and have complete control of the meeting.
- Inspect the list of participants frequently during the meeting to ensure that no intruders are present.
- Disable file transfer so that no confidential files can be hacked or displayed by unwanted parties.
- Use a security solution that offers an app risk assessment to detect possible fake and out-of-date versions, search for unwanted network traffic, and block malicious connections.
Is Zoom is still safe to use?
Does all this mean that Zoom is not safe to use? No. Unless you address state or corporate secrets or disclose personal health information to a patient, Zoom should be good.
There is not much risk of using Zoom for school classes, after-work meetings, or even work meetings that stick to regular business. Kids are likely to continue to flock to it since they can also use Snapchat Zoom filters.