The video conferencing platform, Zoom, has recently made waves across the globe since countries have initiated lockdowns. This application became the go-to conferencing site by companies and schools even to hold meetings or even classes. Unfortunately, there are several Zoom privacy and security issues that cropped up.
Eric S. Yuan, Zoom’s CEO, has already apologized for these issues found in their application. They recently announced that there will be a 3 months freeze on their features to help heighten security as well as user privacy of their program. Additionally, there were two features rolled out that were aimed to secure the software even further. Despite that, schools across the United States had banned the use of this platform in online classes.
Types of Zoom Privacy and Security Issues
Although many are still using this application today, and you are planning on doing the same, it is best that you are familiar with the issues surrounding it first. Here are a few that are worth mentioning.
One example of a Zoom security issue that you should be aware of is the zoom-bombing. The problem with this issue is that anyone can get into any video conferencing ongoing and flash contents that aren’t appropriate. Although the host of the online meeting can delete these users or remove them from the call, they will still come back with their new accounts. This is not surprising given that meeting IDs are required to attend a Zoom conference. Unfortunately, since this app is not safe, any meeting becomes vulnerable to such attacks.
Zoom answered this issue by producing two additional features that will strengthen passwords that are used for making calls. They also recommend their users to avoid sharing their passcodes to others since they will leave their meeting vulnerable to attacks.
Lack of End-to-End Encryption
Based on a report that was conducted on this application, the end-to-end encryption that the company said they have for their software is lacking. Zoom clarified that their idea of this type of encryption is not the same as that of other companies. Basically, data from Zoom is often decrypted from the server-side allowing the company access to conversations in meetings. However, Zoom has given its assurance to its users that they do not decrypt any transmissions they receive.
User Data is being Sold
Leaked Photos and Emails
Another example of Zoom privacy and security issues that are worth mentioning here is that Zoom has been found to leak email addresses as well as profile photos of their clients. Email addresses of users having the same domain in their email will find that their user account is stored in a universal folder that anyone can access. This won’t work in big email companies such as Outlook, Gmail, and the like. However, this is a standing problem with users who are patrons of smaller email clients. This problem was experienced by Dutch users who saw details about themselves, such as usernames, email addresses, and even photos stored in the folder.
What other Zoom privacy and security issues were discovered? It appears that the installer of the program itself is a bit sketchy. This is due to the fact that it will automatically take over the privileges of an administrator in order to get root access to their user’s own computer. This takeover may be abused by the company by installing programs without the consent of the user and even access the computer’s microphone and the camera just to name a few. Apple was quick in preventing this from happening by releasing an update to its iOS that will disable this function of Zoom.
Strange Routing Behavior
There are several questions surrounding Zoom’s behavior regarding where the data they collect is being sent to. Researchers determined that the company was giving Facebook user data even when that person isn’t using the app. Zoom later apologized for making a wrong move with their traffic routing of data as they were inadvertently sent to China. China is well known for its heavy monitoring of all internet usage. Tech companies that have a business in China are quite strict when it comes to handling online traffic between local and international traffic.
Zoom has stated that they have already addressed most of the flaws in their security. They have already enabled features like password protection during meetings to prevent anyone from hacking into meetings. Yuan claimed that their product wasn’t designed with the idea that it will be used by millions of people all of a sudden. He further wrote that they did not expect that their program will be used in various ways which revealed challenges to the company.
Although the company has already said that they fixed the errors, users are still checking out if there are other choices. The education department of New York has already recommended their schools to look for other software programs for teleconferencing for their classes. Taiwan has already banned the use of Zoom for fear that China is spying on them. The same goes true with Google where they prevented their workers from using the app on their company-issued devices.
Should you be worried about Zoom? If the nature of your work is sensitive, it is best that you look for other conferencing platforms. Companies like Microsoft, as well as Google, may be more favorable because of their tight security. On the other hand, if it is for regular use only, or you have the latest update on Zoom, plus you have your own security measure in your phone or your computer, then it is less likely to worry about security issues. Is it safe to use Zoom? Although they have addressed the flaws already, discretion will be up to you.