Ever since the beginning of the Coronavirus outbreak, Zoom has become the most well-known and widely used video conferencing platform. Used by corporations, universities and schools, families and more, millions of people around the world have found themselves desperately in need of a platform to hold meetings, see loved ones and cope with social distancing. The video conferencing app, which previously boasted 10 million users during busy hours, quickly shot up to 300 million during peak daytime hours. But as Zoom’s popularity rapidly rose, so did concerns about the platform’s security.
With the newly widespread use, the platform soon faced countless types of attacks targeting its users. The most common, known as “Zoom-bombing”, is a new attack type in which people maliciously enter Zoom meetings and cause havoc – yell slurs, draw inappropriate pictures on a shared screen, and more. Furthermore, many exploits in the platform were uncovered. For example, Patrick Wardle, a former NSA hacker and security researcher, revealed two "zero-day exploits" in the platform last month. These vulnerabilities allowed hackers to use the Zoom installation on a user’s machine to gain access to their microphone and camera, or in another attack method, to their entire device.
Security flaws discovered in April also showed that the Zoom application was leaking users’ email addresses and photos, as well as access to LinkedIn profile data, and that video call recordings were left unprotected and viewable on the internet. Later on, it was revealed that half a million compromised Zoom accounts were being sold on the dark web. In addition, although promised in their marketing materials, Zoom had not implemented end-to-end encryption for the call data sent back to their servers.
Zoom has also faced public criticism in an additional field – user data and privacy. In March, it was uncovered that the Zoom iOS app sent user analytics data to Facebook, even for users who did not have a Facebook account. By this point you are probably wondering - how is Zoom coping with these pressing security issues?
In response to security and privacy concerns, Zoom has pivoted to make these issues their main focus. The company has launched a 90-day plan to substantially improve the platform’s security. Security features and patches that have been introduced, as well as plans for the Zoom 5.0 release at the end of May, include:
So, as you can tell, this blog post is dealing with a tricky question. Zoom has faced heaps of criticism about its security problems, but it is also working very hard to combat them. Since they are by far the most popular platform right now, it makes sense that Zoom will continue to be the most-targeted program. If you’re considering changing your default video conferencing platform, we recommend reviewing the different options before you choose one that suits you. Kaspersky has released a great videoconferencing app security comparison. If you are set on using Zoom, we highly recommend you always use a password for your sessions. If you are an organization, you can also use your own custom subdomain.
Due to the impact of novel Coronavirus (COVID-19), ThreatSTOP is offering 3 months of MyDNS free, or until the stay-at-home orders expire, whichever is longer. With the COVID-19 crisis comes an unprecedented transition to a work-from-home workforce, and a massive increase in cyber attacks. Because people need to work from home, we want to provide the cyber security protection they should have at work, for free.
Unlike other solutions that send all your data or DNS queries to their Cloud, creating privacy issues and potentially exposing critical company data to hacking and theft through man-in-the-middle attacks, our MyDNS puts a DNS Firewall-enabled DNS server onto your device, keeping your traffic under your control and preventing DNS hijacking by enforcing DNSSEC.
Easy and quick to set up, no hardware, no contracts or obligations, and we're here to help.