Many companies are using Zoom as a means of communicating with employees working from home. However, there are specific privacy issues that companies should take into consideration to maintain safety.
Zoom is an app that enables people to meet online from remote locations. Since the pandemic, it has moved to the forefront, and it is the ‘go-to’ app for most companies today. In fact, there were 10 million reported users in December 2019. In 2020, there was an increase of 300 million users. Its stock price has also risen by more than 500 percent within a year. As a result, the app has become a standard tool for socially engaged groups of friends, families, and businesses.
However, how safe is Zoom when it comes to professional video conferencing? Throughout the app’s rise to popularity, stories have circulated about the privacy and security issues it has. Let us take an up-close look at several of these security concerns, so you can be more aware of what to expect.
1. Zoom Bombing
Zoom Bombing is similar to photobombing, where people try to include themselves in the snaps of unsuspecting individuals. Zoom bombing means people connect to your Zoom calls without being officially invited. How is this possible? For every Zoom call, each invitee receives a distinct ID number between 9 and 11 digits. Without this number, no one should be able to access the meeting.
Nevertheless, the ID numbers are easy to guess. For that reason, pranksters can join the call and create chaos by using the screen-sharing feature. Zoom bombing is more than an annoyance, because it can compromise the company’s data, especially in a private meeting.
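The following added example, which is not part of the original article, shows one way a service operator could spot meeting-ID guessing in join logs and list the meetings a guessing source actually got into. The log format, field names, threshold and time window are assumptions constructed for illustration (this is not a Zoom log format); only the 9 to 11 digit IDs described above are accepted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical join-log format (not a Zoom format).
SAMPLE_LOG = """\
2020-04-02T10:00:01 src=198.51.100.20 meeting_id=482913570 result=ok
2020-04-02T10:00:02 src=203.0.113.7 meeting_id=100000001 result=invalid
2020-04-02T10:00:04 src=203.0.113.7 meeting_id=100000002 result=invalid
2020-04-02T10:00:06 src=203.0.113.7 meeting_id=100000003 result=invalid
2020-04-02T10:00:08 src=203.0.113.7 meeting_id=100000004 result=invalid
2020-04-02T10:00:10 src=203.0.113.7 meeting_id=100000005 result=ok
2020-04-02T10:00:12 src=203.0.113.7 meeting_id=100000006 result=invalid
2020-04-02T10:03:00 src=192.0.2.44 meeting_id=7731204598 result=invalid
2020-04-02T10:03:20 src=192.0.2.44 meeting_id=7731204589 result=ok
2020-04-02T10:05:00 src=192.0.2.90 meeting_id=55512345678 result=invalid
2020-04-02T10:05:01 src=192.0.2.90 meeting_id=55512345678 result=invalid
2020-04-02T10:05:02 src=192.0.2.90 meeting_id=55512345678 result=invalid
"""

LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) "
                  r"meeting_id=(?P<mid>\d{9,11}) result=(?P<res>ok|invalid)")

def find_id_guessers(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources that tried >= threshold distinct invalid IDs within window."""
    invalid, joined = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        bucket = joined if m["res"] == "ok" else invalid
        bucket[m["src"]].append((datetime.fromisoformat(m["ts"]), m["mid"]))
    report = {}
    for src, events in invalid.items():
        events.sort()
        start, worst = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            worst = max(worst, len({mid for _, mid in events[start:end + 1]}))
        if worst >= threshold:
            # Meetings this source did get into may have an uninvited guest.
            report[src] = {"distinct_invalid": worst,
                           "joined": sorted(mid for _, mid in joined[src])}
    return report
```

A single mistyped ID (192.0.2.44) or repeated retries of the same ID (192.0.2.90) are not flagged; only a source cycling through many different IDs is.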
2. Less Security With Desktop Apps
You can use Zoom on a desktop, even though it is a mobile app. There are desktop and web versions. Make sure that you use the web version, because the desktop version does not have quick access to security enhancements. In addition, the web browser version is more secure because it runs only inside your browser’s sandbox, which means it has fewer opportunities to cause issues and does not require as many permissions. You can also opt to use Skype for your business meeting since it securely integrates Zoom into its app.
3. Fake End-to-End Encryption Claims
At the beginning of 2020, Zoom heavily advertised end-to-end encryption as one of its key features. In theory, it means that only the individuals in the chat can see any of the communication between them. The idea was that no one else could undo the encryption, but this claim proved to be false: the data was encrypted, but only between the Zoom servers and the people on the Zoom call. Even though hackers and snoopers were unable to view the calls on a public WiFi network, the Zoom staff could still see everything. As a result, if law enforcement or a government agency wanted to access those chats, it would be easy for them to do so. In the latter part of October 2020, Zoom introduced its new end-to-end encryption. However, not many people found that to be trustworthy since Zoom waited so long to do so.
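To make the difference concrete, here is an added example (not from the original article and not Zoom's actual protocol) comparing encryption that ends at the server with encryption that runs end to end. The Diffie-Hellman parameters, the XOR keystream and all function names are toy assumptions chosen so the example runs with only the standard library.

```python
import hashlib
import secrets

# Toy primitives for illustration only (assumptions, not Zoom's protocol):
# unauthenticated Diffie-Hellman mod a prime and a SHA-256 XOR keystream.
P, G = 2**255 - 19, 2

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XORing with SHA-256(key || block offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def dh_keypair():
    """Return (private, public); only the public value is ever sent."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_key(priv: int, peer_pub: int) -> bytes:
    """Derive the shared key from our private value and the peer's public one."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def client_to_server(message: bytes) -> dict:
    """Each leg uses a key the server also holds, so the server sees plaintext."""
    alice_leg, bob_leg = secrets.token_bytes(32), secrets.token_bytes(32)
    on_wire = xor_cipher(alice_leg, message)      # Alice -> server (Wi-Fi sees this)
    at_server = xor_cipher(alice_leg, on_wire)    # server decrypts Alice's leg
    to_bob = xor_cipher(bob_leg, at_server)       # server re-encrypts for Bob
    return {"wire": on_wire, "server_view": at_server,
            "bob_reads": xor_cipher(bob_leg, to_bob)}

def end_to_end(message: bytes) -> dict:
    """The server relays public values and ciphertext only; it holds no key."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    relayed = xor_cipher(dh_key(a_priv, b_pub), message)  # Alice -> server -> Bob
    return {"wire": relayed, "server_view": relayed,
            "bob_reads": xor_cipher(dh_key(b_priv, a_pub), relayed)}
```

Because the key exchange in this toy is unauthenticated, a server relaying the public values could swap in its own; real end-to-end designs let participants verify each other's keys.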
4. Copied Zoom Installer
It is a known fact that hackers have copied Zoom installers and redistributed them to unsuspecting users bundled with malware. In April 2020, crypto-mining malware was discovered in Zoom installers. If someone were to install this, it would occupy the Central Processing Unit of the PC trying to mine Bitcoin, leaving the user unable to do anything else on the PC. While Zoom is not to be blamed for this, it reveals how easy it is for hackers to target and exploit anything that becomes popular, like the Zoom installers.
5. Password Leaks
When a password is leaked, you may think the leak comes from your service provider. Nevertheless, in the example we are about to provide, Zoom cannot be blamed.
An academic paper from the University of Oklahoma and University of Texas describes, in theory, how people could watch the way your arms and shoulders move to tell exactly what you are typing. Twitch and Skype, which are both video streaming applications, tend to be vulnerable. The only thing the hackers would have to do is record your call in 1080p and afterward put it through a special computer program, which would strip the background. Your arm and shoulder movements would be monitored in relation to your head, and the hackers could tell your keystrokes.
What is the lesson in this? While you are on a call, do not log into your account. Additionally, if you have to put in your password, you should first disable the video feed briefly while you type it. You should also consider wearing sleeves to cover your shoulders. You should also type with all ten fingers, which could make this method more difficult for the hackers to use.
6. Multiple Security Imperfections
The Zoom app does have several security imperfections, but many of these have been repaired. However, the question is how many more have not been discovered and leave the user in a vulnerable position for hackers to take advantage of.
Here is a summary of several headlines that reveal Zoom’s security breaches and flaws in 2020:
- In June 2020, according to Talos, hackers used an animated GIF to force users to install malware using the Zoom app
- In June 2020, also revealed by Talos, Zoom neglected to scan the contents of the malware’s compressed files
- In May 2020, according to Trend Micro, there were two incidents in which corrupted Zoom installers were still able to get backdoor access and spy on a PC owner
- According to Consumer Reports, the privacy policies that Zoom has in place expose users to different types of unscrupulous data collection. In this instance, it means that Zoom would be able to collect data from you while you are on a video conference call, then combine this with information received from different data brokers to construct your consumer profile and possibly access the videos for facial recognition training.
- Twitter users exposed the fact that Zoom’s private chats were not actually private. Rather, the conversations thought to be private were sent to the transcript received by the host when the meeting ended.
- According to Citizen Lab, in April 2020, it was discovered that attendees of a Zoom meeting could hack the system while waiting for the meeting to begin and get the encryption key
- According to Insights, in April 2020, it was found that half a million Zoom passwords had been stolen and were being sold by hackers using a technique called “credential stuffing”