With most of the employed world currently now working at home to avoid the spread of the coronavirus, apps and programs that make remote work easier have become household names. One such program is Zoom, a platform that facilitates video conferencing. However, with the rise of its popularity, many concerns about its security have also emerged. In just the past month since state and national governments started imposing lockdowns, the number of Zoom downloads has increased by more than 500%. High-profile personalities such as UK Prime Minister Boris Johnson have been known to use the platform as they are on quarantine to attend video conferences.
However, many sectors have also expressed concern regarding its use, with online security experts questioning its security features and doubting the safety of users’ data in the platform. New York’s attorney general, Letitia James, has already demanded the company to inform the public of measures it had taken for security concerns to be addressed and whether the sudden ballooning of its users is something the company can cope with. Zoom announced then that all its resources will be focused on addressing safety and security issues raised by its users in recent weeks.
But what issues plague Zoom? Should we as Zoom users look for alternatives or are our concerns being addressed competently?
The rise of ‘Zoom bombing’
The FBI announced it with the recent rise in the use of Zoom, there have also been more incidents of “Zoom bombing” or video hijacking in the platform. According to the FBI, they are investigating increased incidents of hackers infiltrating video meetings, shouting racial slurs and issuing threats. The bureau is looking into connections of these hackers and ransomware hackers who until recently, have also victimized businesses.
Though Zoom-bombing quickly became a meme, US law enforcement officials are warning users that their behavior is more than just disruptive. In many cases, it could be illegal.
Absent end-to-end encryption
While it used to be that Zoom boasted its platform as having end-to-end encryption, apparently it is not. End-to-end encryption is a feature that cybersecurity savvy users are always on the lookout for, as it secures communication platforms so that whatever goes into the platform can only be accessed by the users involved. Zoom has since then confirmed that end-to-end encryption is not yet present on the platform.
The Intercept asked a Zoom spokesperson whether video meetings that take place on the platform are end-to-end encrypted, and the spokesperson said that “Currently, it is not possible to enable E2E encryption for Zoom video meetings.”
Flaws on its security features
As early as 2019, Zoom users were surprised when it was revealed that a hidden web server had been installed on user devices which could add the user to a call without his or her consent. Recently, there has also been a discovery of a bug that could allow hackers to take over a Mac of a Zoom user through the device’s webcam and microphone.
One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees.
Another feature Zoom has been criticized for is its “attention tracker,” as this allows a meeting host to see if a meeting attendant has clicked away from a Zoom window for 30 seconds or more. While it feels like it could allow meeting hosts to know who among the attendees are paying attention, it could also be viewed as an invasion of user’s privacy, as they shouldn’t feel like they’re under surveillance while supposedly just attending a meeting.
Zoom has an attention-tracking feature, for example, which notifies the host of some video calls if participants click away to look at something else. The company has actively promoted this feature to educators, explaining it’s a good way to monitor which of your students is slacking off.
If a failed hard drive gives you a headache as you work remotely, our laptop data recovery service may help you with that. Read here to know more about our services: https://www.harddriverecovery.org/hard-drive/.