User data breaches have become quite common these days and have made headlines more often than ever in the last few months. From Facebook to TikTok, everyone has had loopholes in their security that were breached, & millions & millions of users were impacted. Recently, so many privacy and security flaws were uncovered in Zoom (the video conferencing service) that they are hard to count.
Since all of us are spending quarantine time at home due to the Novel Coronavirus outbreak, using the Zoom video conferencing app has become a necessity. The total number of active users on Zoom has increased exponentially due to work from home, thanks to COVID-19.
Flaws With Zoom Video Conferencing App
With every app we use nowadays, we put ourselves in a position where we may become a victim of a cyber-attack. Due to security & privacy flaws, hackers can break in through loopholes & get hold of your confidential information.
Zoom has been the subject of multiple reports since last week concerning privacy & security flaws, which led a lot of entities to ban the app. In the past month, the company has seen a more than 535% increase in active users due to the Coronavirus pandemic & I believe the choice went wrong somewhere on the way.
Almost everyone started using Zoom for video conferencing (work from home), but now a lot of them have taken a step back.
Continuous Increase in Zoom Bombing
On 30th March, the FBI warned the public about increasing cases of Zoom Bombing, where your video conference can be disrupted by pornographic and/or hate images and threatening language. It is a hijacking of the video-teleconferencing feature on Zoom, and it grew to a level where users started feeling insecure using it.
I believe the reason can be that Zoom meetings can be accessed by short number URLs that are a cup of tea for hackers. Zoom has released guidelines to prevent unwanted guests from hijacking your video events.
End to End Encryption
Every service that lets users communicate through text messages, snaps, video clips, or any other mode has to be end-to-end encrypted. Period! End-to-end encrypted messages or video clips can be read only by the sender & receiver. To everyone else, they are just random data that won’t make sense. Zoom has stated everywhere that its video meeting feature is end-to-end encrypted; however, it actually isn’t.
Zoom says all over the place—on its app, website, security white paper—that its video calls are “end-to-end encrypted,” but when @theintercept asked them about it they said:
“Currently, it is not possible to enable E2E encryption for Zoom video meetings.” https://t.co/4e0oPg2tta
— Trevor Timm (@trevortimm) March 31, 2020
When The Intercept recently asked about E2E encryption, Zoom stated, “Currently, it is not possible to enable E2E encryption for Zoom video meetings.”
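The difference between encryption that a service terminates and end-to-end encryption, as an added example that is not from the original article or from Zoom. It models a generic relay service, not Zoom's actual architecture; the function and key names are hypothetical, and the HMAC-based cipher is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, not for production).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered message")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def relay_terminated(msg: bytes):
    """Each participant shares a key with the service, which decrypts and re-encrypts."""
    k_alice, k_bob = secrets.token_bytes(32), secrets.token_bytes(32)
    seen_by_service = unseal(k_alice, seal(k_alice, msg))  # plaintext exists on the server
    delivered = unseal(k_bob, seal(k_bob, seen_by_service))
    return seen_by_service, delivered

def end_to_end(msg: bytes):
    """Only the two participants hold the key; the service forwards bytes it cannot open."""
    k_peers = secrets.token_bytes(32)    # assumed already agreed between the endpoints
    k_service = secrets.token_bytes(32)  # any key the service itself holds
    blob = seal(k_peers, msg)
    try:
        seen_by_service = unseal(k_service, blob)
    except ValueError:
        seen_by_service = None           # the service learns nothing about the content
    return seen_by_service, unseal(k_peers, blob)
```

In both models the traffic on the wire is encrypted; what changes is whether the service in the middle ever holds a key that opens it.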
Micromanagement By In-App Surveillance
One of the worst things an employer or a teacher can do is micromanage employees or students. It feels like someone is watching you every single second of your day, which is not far from stalking.
Similarly, Zoom has a feature called “attention tracking” that precisely identifies any user who has been away from the active Zoom window for 30 seconds or more.
While it’s quite handy for employers or teachers to keep tabs on employees/students, it’s a privacy concern as well.
That is why, effective from April 2nd, 2020, the attention tracking feature has been removed from the Zoom app.
Commercializing User’s Data
Commercializing users’ confidential data isn’t a new thing to hear about nowadays. Previous incidents have shown that social media apps gather our data and resell it to other entities. And shockingly, Facebook is connected to this directly or indirectly.
It’s been observed that Zoom is sending iOS users’ data to Facebook for reselling even if you don’t have a Facebook account. Obviously, the company will deny anything like this; however, one user has filed a lawsuit against Zoom for failing to safeguard the personal info of the millions of users on its platform.
The company has made changes to its privacy policies after the incident that can be checked here.
Other Security Flaws With Zoom
Apart from the flaws above that have been discovered recently, there are others that already existed in Zoom. A few months ago, it was discovered that Zoom quietly installed a web server on user devices that could add the user to any call without his/her permission. And the latest flaw is about hackers taking control of a user’s Mac, including the webcam & microphone.
Ever wondered how the @zoom_us macOS installer does its job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed). pic.twitter.com/qgQ1XdU11M
— Felix (@c1truz_) March 30, 2020
Just a by the by: “private” messages sent to individual people during a Zoom meeting show up in the end-of-meeting transcript along with all other public messages.
Tell your friends, save a life.
— Christian Moriarty (@MoriartyCR) April 3, 2020
So, let’s just agree on one thing: Zoom is malware, and it has been continuously failing at users’ security & privacy. With users living more of their lives on a dangerous platform, Zoom isn’t able to keep its security layer as strong as expected.
Zoom Executive About Issues & Further Plan of Action
“We recognize that we have fallen short of the community’s – and our own — privacy and security expectations,” Yuan wrote, explaining that Zoom had been developed for large businesses with in-house IT staffers who could set up and run the software. Zoom would be “enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.” – Eric S. Yuan (Zoom CEO and founder)
Zoom has become one of the most necessary apps in the quarantine period due to the COVID-19 outbreak. The immense increase in the number of users has certainly helped Zoom with revenue. However, users didn’t get the same in return. With its continuous breaches & security flaws, Zoom has failed to keep users’ data as secure as expected.
For now, keep tabs on how you use the Zoom video conferencing app, as you might become a victim of data loss through it.