During the COVID-19 pandemic, the whole world is in a state of panic. Thousands of people have been diagnosed with the virus, which has caused more than 50 thousand deaths all around the world. In this situation, many countries have announced a complete lockdown, which means that all schools, colleges, offices and stores are shut down. But as this was not ‘holiday time’, schools, colleges, and offices had to make sure that their routines did not stop. So, they went online. Schools and colleges moved to online classes, while offices declared ‘work from home’ for all their employees. This created a need for online calling and conferencing platforms, both audio and video. As a result, the remote conferencing service Zoom became popular.
A few months back, if people had been asked about Zoom, they probably would not have heard of the platform, because video conferencing platforms like this were used very rarely. People preferred Skype or Hangouts for their routine communications. Reports from 2020 show that over 2 million new users joined Zoom by the end of February, and the number has been increasing since then. Now, almost everyone knows about it.
This sudden popularity could be one of the reasons Zoom’s vulnerabilities are in the spotlight today. The Zoom app falls short on many privacy and security concerns. Most of these are zero-day vulnerabilities, which means they came to light before a fix was available. Also, the company claims that its video chats are end-to-end encrypted, while they actually are not. There are many other concerns the company should look into if it wants to maintain its user base and its users’ trust.
Some of the major security and privacy breaches of the Zoom app are:
Sending data to Facebook
Zoom’s iOS app is secretly sending users’ data to Facebook. It does not matter whether the user has a Facebook account or not; Zoom would still be sending their device’s model, their carrier details and their habits on the app. This led to a class action lawsuit against Zoom.
The Zoom app for macOS secretly installed a web server on users’ Macs. This gave malicious websites access to the system’s webcam without the user’s permission. Even if the user uninstalled Zoom, this secret web server remained on the system. To fix this problem, Apple released an update for all Macs. The update was silent, which means it did not require any input from the user to be installed.
The false end-to-end encryption
End-to-end encryption means that no one, including the provider of the app itself, can access the data in the video calls or chats. While Zoom claimed to provide this, it did not. Zoom can access the data on the calls and chats. What it provides is transport encryption, which means that the connection from the app to Zoom’s server is encrypted. The claim of end-to-end encryption made on its website is false.
The ‘Attendee Tracking’ feature
Now, it is obvious that while attending a video conference, nobody is “just” in the video conference. Attendees switch to other windows on their systems for other tasks too. But this does not go unnoticed in Zoom: when an attendee switches from the Zoom app to any other software for more than 30 seconds, the app informs the host of the conference.
Though the feature can be disabled in the app, if the host makes it compulsory, attendees have no control over it. So while using the app next time, think before leaving it in the background, because the host of the conference might see it.
Hackers are old adversaries of companies, and companies keep them in check with good security measures. But now that people are working from home, they are easy targets for hackers, because most people do not implement sufficient security measures on their home networks. This happened with Zoom too. Due to Zoom’s loose privacy policies, hackers are entering many video conferences held on the app and showing disturbing images to the people attending them. Some of these hackers are just doing it to prank people, while others are attempting cybercrimes.
So, everybody should make sure that their home network is properly secured. This way, they would be able to keep hackers away from their conferences.
The Cloud recording feature
If this feature is enabled on a user’s account, then the host of a conference the user is attending, or any person the user is having a conversation with, can easily record the conversation and save it to the cloud. These files can later be sent to, or accessed by, any other person, even one who was not part of the conference or conversation. So the next time a user is talking to someone about their teacher or boss, they should remember that the other person can send that conversation to the teacher or boss.
There are three safety measures a user can take to stay out of trouble:
- Do not link it to Facebook: Zoom has an option to log in using Facebook credentials. Avoid using it, because it can give Zoom access to more data on Facebook.
- Do not keep it in the background: If a user wants to do something else while attending a boring conference on Zoom, they should use a second device for that. This makes sure that the host does not get notified of their distraction.
- Update regularly: After all these problems were highlighted, Zoom started working on fixing them. So everyone still using the app should update it regularly, so that they get the fixes as more problems are solved.