There are some concerns about the security of the Zoom platform
As working from home increases, more businesses are turning to Zoom. There are significant concerns about the security of the Zoom platform.
Zoom, a video conferencing platform, is one of the most popular apps for remote work. Founded in 2011, it normally has around 10 million paid daily users. In March, more than 200 million people used Zoom daily.
But Zoom has a terrible record for security, privacy and encryption.
- In July 2019, Zoom released an emergency patch of its software for macOS. This addressed a security vulnerability that could allow people to be spied on through their webcam.
- The Zoom macOS app is indistinguishable from malware. The app abuses various techniques that allow it to install without you having to click install.
- Zoom patched its iOS app In March 2020, when it was found to be sharing data with Facebook. The data sharing was not declared in the Zoom privacy policy. Data was shared, along with a unique identifier that can be used for ad-targeting, regardless of whether you had a Facebook account.
- Zoom updated its privacy policy in March 2020 to claim “we do not sell your personal data”. However, Zoom still shares your data with third-party advertisers, such as Google.
- Zoom has clarified that its service does not provide end-to-end encryption. And there are a number of concerns about who has access to the encryption keys. If the keys are generated on a key management server in China, Zoom may be legally obligated to share them with Chinese authorities. And what’s more, the keys use 128-bit AES encryption and EBC, the worst encryption mode, to encrypt and decrypt the keys.
And it’s not just reporters and information security professionals who take issue with Zoom.
- The UK Prime Minister, Boris Johnson, has used Zoom to run digital cabinet meetings. Now, the Ministry of Defence has discouraged the use of the service due to security concerns.
- The FBI has issued a warning about teleconferencing and online classroom hijacking, also known as “Zoombombing”.
Obviously, businesses will continue to use Zoom. So it is important to know what options are available to make calls more private.
If you are invited to a Zoom meeting or plan to host a meeting, read this Mozilla guide to making Zoom gatherings more private.