Zoom Security Vulnerabilities
Zoom meetings have become a household phrase and means of communication across the globe at a dazzling rate since the COVID-19 crisis hit us all. The number of daily users in December 2019 was around 10 million. As of March, that had jumped to 200 million.
Zoom Video Communications is an American company with headquarters in San Jose, California. It was founded in 2011 by Eric Yuan, formerly an engineer at Cisco Systems and now a very wealthy man.
The appeal of this video conferencing tool has lessened, however, in recent weeks.
First, there was the discovery that Zoom was sending iPhone device data, including user IP addresses, to Facebook. This forced Zoom to update its iOS app. Then security issues with the Zoom Windows client and the macOS installer were discovered. Hackers could use the group chat feature to share links that would divulge the Windows network credentials of anyone who clicked on them.
Another discovery, made by the University of Toronto’s Citizen Lab, made public the fact that Zoom’s end-to-end encryption claim is misleading. The encryption in use is in fact sub-standard.
With the discovery of these security concerns, Canada has recently banned the use of Zoom for government purposes. Other major organizations have also done so, including Elon Musk’s SpaceX and the New York City Department of Education. In the case of the NYC Department, teachers were instructed to use Microsoft Teams instead.
Another issue with Zoom is that some users are experiencing Zoom-bombing. This is where ill-intentioned individuals crash meetings and display disturbing pornographic and violent images.
Zoom does offer some best practice advice when conducting on-line meetings:
- If you share your meeting link publicly, such as on social media, anyone can join your meeting using that link. If that isn’t your intention, share your link privately to only those you wish to attend.
- Avoid using your Personal meeting ID (PMI) for public events. Your PMI is your personal meeting space that random people could crash, even after the meeting is over. Instead, generate random meeting IDs.
- Use the “Waiting Room” feature, as this allows the host to control who can enter the meeting.
Other suggestions from Zoom can be found at the links below:
- Allow only signed-in users to join
- Lock the meeting
- Remove unwanted or disruptive participants
- Prevent removed participants from rejoining
- Turn off file transfer
- Turn off annotation
- Prevent participants from screen sharing
- Put participants on hold
- Disable video
- Mute participants
- Disable private chat