Over the previous month, the video chat programming Zoom has seen explosive development in view of, you know, the thing. Be that as it may, that development has likewise accompanied expanded examination and a huge number of revealed security screwups. Taken individually, a significant number of the issues appear to be more messy than malicious or sneaky, however taken in total, they make a billion-dollar traded on an open market organization appear as though it’s held together with conduit tape and string.
A Sketchy Installer
There was the problem with Zoom’s installer, which took over admin privileges to gain root access to a user’s computer. That access could be abused to surreptitiously install programs without the user’s knowledge, including the ability to access a user’s webcam and microphone. (Last summer, a security researcher found a Zoom feature that opened up vulnerabilities by turning any user’s computer into a local server. In an unprecedented move, Apple silently pushed out an operating-system update to disable it.)
Dubious encryption
That monitoring would be less of a concern if Zoom were encrypted end-to-end, as the company claimed in marketing materials. But it admitted to The Intercept that Zoom did not use E2EE for video calls. Zoom uses some encryption (known as transport encryption) but not the more secure end-to-end type. Some of the confusion stems from defining what an “end” is. Zoom seems to think that its servers, acting as middlemen between users, count as such.
Zoombombing
There’s also the rash of “Zoombombing” that has gone on. People are guessing or finding Zoom meeting ID numbers online and entering uninvited to leave disruptive comments or share disruptive media using Zoom’s screen-share feature. Finding open meetings, which have IDs from nine to 11 digits, is relatively simple and has already been automated. Until a patch issued this week, the meeting ID would often be highly visible in screenshots
Zoom says it has patched out many of the security flaws. The company has also turned on common-sense features, such as password-protecting meetings by default, to prevent Zoombombing. CEO Eric Yuan also published an apologetic blog post at the beginning of April, announcing a 90-day feature freeze, shifting all development resources toward bolstering security.
Worried about Zoom’s privacy problems? An Alternate Option video-conferencing options
Skype
Released in 2003, Skype is one of the longest-standing options for video chatting. It was bought by Microsoft in 2011 and is a free option for one-on-one or group video chats.
Pros: Skype isfree, easy to use and widely known.
Cons: The maximum number of people who can join a Skype meeting is 50, making it a difficult option for larger organizations or big get-togethers.
Jitsi Meet
This video-conferencing platform was founded in 2003 by a student in France, and it has gained popularity as a more secure alternative to Zoom.
Pros: Jitsi Meet is free; open-source, meaning outside parties can check its security; and encrypted.
Cons: It allows a maximum of 75 participants in a chat (and a “better experience” with 35 or fewer).
Companies that have banned Zoom
- Google has banned Zoom from company-owned computers; administrators will disable it this week, and Google employees have been directed to use Duo instead.
- SpaceX has forbidden employees from using Zoom, citing security and privacy concerns.
- Smart Communications, a Philippines-based ISP, has banned Zoom for internal use.
Governments and government agencies that have banned Zoom
This list of countries where Zoom won’t function is based on the US government’s list of sanctions; countries on that list are not included here.
- Taiwan has banned Zoom for use by all government agencies.
- NASA has banned all employees from using Zoom.
- The German Foreign Ministry has restricted Zoom use to personal computers in emergency situations only, as reported by Reuters.
- The United States Senate has urged its members to choose platforms other than Zoom due to security concerns but has not issued an outright ban.
- The Australian Defense Force banned its members from using Zoom after an Australian comedian Zoom bombed one of its meetings.
