The pandemic has changed our lives in a lot of aspects. Summer vacation ideas turned into Staying Indoors, with no live socialization, meeting up with your friends and even just the occasional stroll outside being banned, one thing that didn’t get disrupted is having to attend classes, and work, but from home. With millions of new downloads, Zoom quickly became the talk of the town. But now it’s for different, rather unpleasant reasons.
When you upscale something, you also upscale most of its vulnerabilities too. That’s exactly what happened with Zoom. It had all the security issues that we are talking about out loud today, but there were not enough people using it to complain about it loud enough for the world to hear. Now that Classrooms have turned into Group Video Calls, and Round Table Conferences are a thing of the past and you now attend them from your breakfast table, Zoom’s user base has expanded far and wide, enough to bring out the elephant in the room – its security issues.
In the era where data is the most sought after resource and the seekers don’t mind to use means that aren’t necessarily considered fair-play, Zoom has become the latest subject to come under the eye of scrutiny. With issues ranging from something as simple as being unable to keep a meeting restricted to a closed group of people, to IP addresses being sold on the dark web, there’s a lot that’s going on.
We are dividing these into three categories based on decreasing the intensity of the threat.
Your data in the hands of hackers!
It’s been proven that by using a method called Credential Stuffing, hackers can easily get into any meeting, at times random ones. Once they do so, your meeting is at the mercy of their creative will. From recording your meetings to sell confidential information to recording your webcam feed, geolocation, phone number, email IDs, whiteboard data and the files shared, or just vandalizing your business meeting – you can be the prey to any of this and there’s not much you can do once your data is collected and is on sale on the dark web.
Zoom exploits are also being sold on the dark web for tens of thousands of dollars and it can say only one thing – There is enough interest out there to exploit the risk factor. Also, did you know that zoom meeting are not end to end encrypted! This means a person with malicious intent doesn’t necessarily have to get into your meeting to steal your precious data!
Your data in the hands of Zoom
Zoom, just like any other company collects data from its users. Much like a few of those companies, they also share your data with their advertisers and what’s not very pleasant to come to know that the data they collect ranges from your Personal details in your Zoom account, your geolocation and your usage data to your cloud recordings and the files you share on the app, screen shares, IM texts within the app, and not just that but also video transcripts of your meetings.
This data is stored off at their servers and as far as the news has covered, neither are they secured with good enough encryption. Even otherwise, so much data at one spot is a beehive for hackers.
Your meetings at the mercy of ZoomBombers
This has become a huge issue of late in classrooms but that doesn’t mean other meetings are safe from ZoomBombers either. Unauthorized users joining a meeting, spamming the call with annoying annotations, disturbing audio and webcam feed has become the favorite pastime of pranksters ever since the use of zoom increased by a whopping 67% with the Coronavirus lockdown all around the world.
While this might seem like a rather harmless prank, the potential security threats that this might pose are as severe as a hacker joining in as anyone can sabotage the confidentiality of your meeting. Securing your meeting with a password can only make it so much more secure but not entirely if it’s a classroom.
The Ministry of Home Affairs through its Cyber Coordination Centre (CyCord) declared that Zoom is an unsafe platform to conduct any sort of meetings, while other countries and several organizations have taken stricter measures to curb the use of zoom. We will compile a list of ways to increase the security of your zoom conferences for those who have no other option but to continue using zoom but if you are a professional, we’d suggest against it.
We have a new article which explores a more secure, more flexible and completely free video conferencing solution called Jitsi. You can build yourself massively scalable multiparty video conferencing solution.