The coronavirus pandemic has forced people to take advantage of video conferencing apps to get their work done. This has resulted in a sharp rise in the use of Zoom, the most popular video conferencing app.
Zoom has also found usage in other non-work related settings.
The app has seen huge growth in the number of users who utilize the app for everything from work to virtual hangouts with friends and family to digital school lessons and yoga classes.
It’s at the top of the Android and iOS app stores and is even used by the U.K. government for their daily cabinet meetings.
Due to the extra attention that Zoom has garnered over the past month or so, the company now has to deal with the backlash surrounding its security and privacy measures. Lawmakers along with privacy advocates and security researchers in the U.S., including the FBI, have warned users that the default settings of the app don’t provide enough security.
It’s entirely possible that if Zoom doesn’t address this problem quickly, people will move on to something else.
This isn’t the first time security researchers have raised concerns regarding Zoom security. Just last year, Apple stepped in to remove the app from the Mac App Store. The company was seemingly forced to do so because of a security vulnerability within the app that allowed various websites to take control of Mac cameras.
More recently, security researchers have intensified their efforts to bring focus to the company’s less than ideal security practices, mainly the app’s default security settings and the mechanisms that make the app so intuitive.
If someone wants to participate in a call, they have to use the meeting’s ID number. Without the ID number, they can’t enter the meeting. It’s been found that these meeting IDs are easy to obtain via a brute force method.
Since the app is easy to use, this security vulnerability has given rise to a phenomenon known as ZoomBombing.
Note:
ZoomBombing happens when a prankster gains access to a meeting and then broadcasts various forms of offensive content. Sometimes the content isn’t necessarily offensive, but it’s often distracting. Many of the images shared are from Getty Images or similar sites with the users ignoring the All Rights Reserved labeling.
The company has decided to change the app’s default settings. However, it only did that for education accounts. The company said it was done to address concerns regarding the data security of meetings.
This is important:
If you don’t have an education account, you’re going to have to change the default settings on your own to make sure that no prankster is able to ZoomBomb your next meeting.
Then there comes another set of problems with Zoom. Pranksters ZoomBombing meetings represent just one of the many security issues Zoom had to deal with. There are several other privacy and security concerns as well.
The company has updated the iOS version of its app to get rid of code that specifically sent user data to Facebook. This flaw was noticed by a security researcher. Then, Zoom had to adjust its privacy policy by rewriting some of it.
Researchers discovered that the app had vulnerabilities that allowed it to use users’ personal information to show them targeted ads.
Some reports also say that the app can still leak user information not because someone is actively trying to get a hold of it but because of some problems with the app and how it handles group contacts. Clearly, all rights reserved is not a right Zoom allows its customers to have.
However, the most serious of Zoom’s security problems came out just recently. The company has specifically mentioned on its website that users have the option of securing any meeting with end-to-end encryption. But then they admitted that they misled users as there was no way for the service to enable end-to-end encryption for the app’s video meetings.
The Intercept revealed this via a statement from a company spokesperson after the publication found out that instead of using end-to-end encryption, Zoom was actually using transport encryption.
Again, there are even more problems with the video conference service. Digital advocates recently voiced their concerns about Zoom’s attendee tracking option which allows hosts to track whether or not other users in the meeting have the app in the background or in view on their screen.
A digital rights protection group has requested that Zoom publish their transparency report which would allow them to have a better idea of whether or not they shared data with the government or law enforcement agencies. At the time of writing this report, Zoom representatives have said that they’re in the process of considering the group’s request and that they don’t currently have a transparency report.
In addition to digital advocates and security researchers, there are many other groups who have voiced their concerns about the way the app and service works. In the U.S., the FBI has issued warnings for schools and universities about threats like ZoomBombings and how the app’s default settings can bring along a host of other problems.
Zoom also received a letter from the New York Attorney General’s office which requested that the company respond to security complaints and whether or not the company has launched a review session of its current privacy and security practices.
As far as the most recent problems with the app are concerned, the company hasn’t come out with any sort of detailed response. The CEO of Zoom, Eric Yuan, has come out and said that the company has initiated a thorough review of their practices regarding sharing information with Facebook and other concerns.
Yuan said that the company sincerely apologized for the security concerns and it remained firmly committed to the protection of its users’ privacy and security.
He also added that the company was in the process of reviewing its protocols and other procedures for implementing new features in the future to ensure that such issues don’t arise again.
It may be too late for Zoom as the company is already facing lawsuits that allege they illegally shared users’ sensitive information with third parties. This includes the information they’ve shared with Facebook.
One of the lawsuits which was filed in California demands damages on behalf of Zoom users who come under the protection of the Consumer Privacy Act and who have had their sensitive information violated by Zoom.
All signs indicate that Zoom is going to have to address even more issues in the near future. Some researchers have found that Zoom tried to bypass macOS restrictions utilizing the same tricks that are used to install malware.
Eric Yuan has defended the company’s practice by saying that it’s hard for people to join a meeting when using a Mac which is why applications like Zoom use such tricks. He did add that the company will take these issues into consideration and will improve its service in the future.
How to Make Zoom More Secure
- Always use a password for your Zoom meetings. You can do that from the web portal after you sign in from the Settings tab. Enable the option that says “Require a password when scheduling new meetings.”
- Only allow users to participate who have signed in.
- Don’t allow users to join a meeting before the host. You can enable this option under Account Settings.
- Make sure you’re using the Waiting Room feature which allows you to screen users before letting them join.
- Always install the latest updates for the app.
- Use the Participants tab to remove unwanted users.
- Disable file-sharing.
- Don’t share your meeting ID publicly and use a randomly generated ID instead of your personal Zoom meeting ID.
- Disable screen sharing. Once you have an active session, go to the Security tab to do so.
- Use the Manage Participants tab to lock your meeting by hitting More and then selecting Lock. Doing so will ensure that even if someone has your meeting ID, they can’t enter the meeting after you’ve locked it.
- Use a VPN when using Zoom to protect your data.
FAQ