The pandemic has changed our lives in a lot of aspects. Summer vacation ideas turned into Staying Indoors, with no live socialization, meeting up with your friends and even just the occasional stroll outside being banned, one thing that didn’t get disrupted is having to attend classes, and work, but from home. With millions of new downloads, Zoom quickly became the talk of the town. But now it’s for different, rather unpleasant reasons.
When you upscale something, you also upscale most of its vulnerabilities too. That’s exactly what happened with Zoom. It had all the security issues that we are talking about out loud today, but there were not enough people using it to complain about it loud enough for the world to hear. Now that Classrooms have turned into Group Video Calls, and Round Table Conferences are a thing of the past and you now attend them from your breakfast table, Zoom’s user base has expanded far and wide, enough to bring out the elephant in the room – its security issues.
In the era where data is the most sought after resource and the seekers don’t mind to use means that aren’t necessarily considered fair-play, Zoom has become the latest subject to come under the eye of scrutiny. With issues ranging from something as simple as being unable to keep a meeting restricted to a closed group of people, to IP addresses being sold on the dark web, there’s a lot that’s going on.
We are dividing these into three categories based on decreasing the intensity of the threat.
Your data in the hands of hackers!
It’s been proven that by using a method called Credential Stuffing, hackers can easily get into any meeting, at times random ones. Once they do so, your meeting is at the mercy of their creative will. From recording your meetings to sell confidential information to recording your webcam feed, geolocation, phone number, email IDs, whiteboard data and the files shared, or just vandalizing your business meeting – you can be the prey to any of this and there’s not much you can do once your data is collected and is on sale on the dark web.
Zoom exploits are also being sold on the dark web for tens of thousands of dollars and it can say only one thing – There is enough interest out there to exploit the risk factor. Also, did you know that zoom meeting are not end to end encrypted! This means a person with malicious intent doesn’t necessarily have to get into your meeting to steal your precious data!
Your data in the hands of Zoom
Zoom, just like any other company collects data from its users. Much like a few of those companies, they also share your data with their advertisers and what’s not very pleasant to come to know that the data they collect ranges from your Personal details in your Zoom account, your geolocation and your usage data to your cloud recordings and the files you share on the app, screen shares, IM texts within the app, and not just that but also video transcripts of your meetings.
This data is stored off at their servers and as far as the news has covered, neither are they secured with good enough encryption. Even otherwise, so much data at one spot is a beehive for hackers.
Your meetings at the mercy of ZoomBombers
This has become a huge issue of late in classrooms but that doesn’t mean other meetings are safe from ZoomBombers either. Unauthorized users joining a meeting, spamming the call with annoying annotations, disturbing audio and webcam feed has become the favorite pastime of pranksters ever since the use of zoom increased by a whopping 67% with the Coronavirus lockdown all around the world.
While this might seem like a rather harmless prank, the potential security threats that this might pose are as severe as a hacker joining in as anyone can sabotage the confidentiality of your meeting. Securing your meeting with a password can only make it so much more secure but not entirely if it’s a classroom.
The Ministry of Home Affairs through its Cyber Coordination Centre (CyCord) declared that Zoom is an unsafe platform to conduct any sort of meetings, while other countries and several organizations have taken stricter measures to curb the use of zoom. We will compile a list of ways to increase the security of your zoom conferences for those who have no other option but to continue using zoom but if you are a professional, we’d suggest against it.
We have a new article which explores a more secure, more flexible and completely free video conferencing solution called Jitsi. You can build yourself massively scalable multiparty video conferencing solution.
Sorry, but this to me appears as a lot of hand waving could be a problem/was a problem, nothing about the latest attempts by zoom to fix issues. (Did they do a good job?) The “We will compile a list of ways to increase security…” should be available *now* not sometime in the future. Nor is there any comparison to the other services. Is zoom normal or really bad compared to everything else? I am a zoom user, I have no interest in them except their system is *much* easier to use for the non-technical folks I have had to deal with lately.
Thank you very much for the input, it helps me a lot to improvise on this.
I’m currently working on the compilation and I’ll make a note to add comparison about the other services too. As for how bad it might be for your use case, you are less likely to be a target of an attack but the risk of data that’s collected being stored in an insecure location still has its weightage. For that I’d suggest you use Google Duo, I believe that doesn’t have said security concerns while being fairly user friendly.