As millions of people stay home to stem the COVID-19 pandemic, videoconferencing applications are experiencing explosive growth in work, education and entertainment. Of all the platforms, Zoom seems to be the one playing the leading role.
However, the huge demand from individuals and companies has helped to reveal the privacy and security issues faced by this platform, which is now used for daily video conferencing even by the British Government (interestingly, the British Ministry of Defense prohibits its employees from using this application).
The app's creator has been criticized on many fronts, from privacy advocates and security experts to U.S. Attorneys General, Senator Richard Blumenthal, and even the FBI. The bad news has increased in recent days, forcing the company to respond to the accusations levelled at it.
Earlier this month, the company's founder and CEO Eric S. Yuan apologized for the problems and presented the measures taken to enhance the security and privacy of the application. He also announced a freeze on the addition of new features for the next 90 days, adding that all the company's resources and technicians will "focus on resolving issues of trust, security and privacy".
These are the five key points that Zoom's technicians focused on last week:
• In its privacy statement, Zoom failed to mention that the iOS version of the app was sending analytics data to Facebook even if users did not have a Facebook account, according to data posted by Vice last week. The company recognized the problem and removed the Facebook Software Development Kit (SDK) from the iOS app. However, a lawsuit against Zoom is pending in California.
• Despite assurances to the contrary, according to an investigation conducted by the news organization The Intercept, video conferences made through the application do not support end-to-end encryption. Zoom apologized and clarified that it uses TLS encryption. The notable difference is that, unlike end-to-end encryption, this method allows the company to access users' communications.
• Several security vulnerabilities in the application were also identified, although these were quickly fixed. In the Windows version, a vulnerability (a UNC path injection flaw) was detected that could reveal the login credentials of Windows users and lead to the execution of arbitrary commands on their devices. Two more bugs, which affected the Mac version of Zoom, allowed someone to attack and take control of the computer.
• The company also removed Zoom's "attendee tracking" feature, which enabled the video conferencing host to check if participants were watching closely when the app was in screen sharing mode.
Finally, after numerous complaints, the FBI issued a warning that trolls and pranksters were disrupting private video calls and online school classrooms.
These issues may have affected a large number of people, as the number of users of the platform has jumped from 10 million to 200 million in the past three months. As Yuan admitted, Zoom was not ready for this unpredictable growth. "There is now a wider range of users who use our product in thousands of unexpected ways, putting us in front of challenges we did not anticipate when the platform was created," he said.
ESET: How to stay safe
According to ESET, even in this age of remote work we must not overlook the issue of privacy and security (and not just when it comes to videoconferencing). However impressive and feature-rich software may be, it can expose us to new threats.
• Use passwords to protect conferences and/or control participants with the "Waiting Room" feature offered by Zoom.
• Allow screen sharing only for the host.
• Use the latest version of the Zoom application.
• Do not post links or meeting IDs on social media.
• Prefer to use meeting IDs rather than links when inviting other participants to Zoom, as there has been an increase in malicious domains trying to take advantage of the unexpected success of the application.