Due to the coronavirus epidemic, video conferencing platforms such as Zoom have seen a huge rise in popularity. Many people around the world are being forced to work from home due to social distancing and lockdowns. Business meeting, online classes, and even government activities are being carried out over these applications. But all of this popularity comes with extra concerns over the security measures in place to ensure user privacy in these platforms and a few shortcomings have been brought to light.
Zoom in particular is facing backlash from security experts and government institutions for not being secure enough in the way it conducts group meetings. The FBI is warning that Zoom’s default setting provide very little in the way of security and could leave users exposed to cyber threats.
The main problem lies with how group meetings are set up in Zoom. Each meeting is given a randomly generated ID that is between 9 and 11 digits long and is used to login to meetings. According to researchers, these meeting IDs are very easy to determine by anyone, including hackers, and can be easily guessed using brute force hacking techniques. This means just about anyone can drop in on whatever Zoom call or meeting they please and undermine the privacy of users.
Zoom’s default settings don’t require a password for meetings and rely only on the randomly generated key. This has led to a phenomenon called “Zoombombing” where people join zoom calls and meetings and share unpleasant videos or cause disturbances. While this is a relatively harmless thing, it raises concerns for other, more malicious, activities such as someone silently listening in on important or sensitive meetings without the knowledge of the concerned parties.
Zoom is working on a fix for this problem and has rolled out updates for its iOS app last week. But to be completely safe, it is recommended that users change the default setting on their Zoom apps to prevent this from happening to them.
This is just one of the many security concerns that have come to light over the past few days about the increasingly popular video conference app. A myriad of other issues exist such as no E2E encryption, attendee tracking and leaking user info for ad tracking purposes. All of this has led to many institutions banning the use of Zoom. Let’s see how Zoom and other platforms solve these problems to make telecommuting a success.
PTCL videos series: Tips & Tricks for Smooth Connectivity