Zoom, a video conferencing platform, is one of the most popular apps for remote work. Founded in 2011, it normally has around 10 million paid daily users. In March, more than 200 million people used Zoom daily.
But Zoom has a terrible record for security, privacy and encryption.
- In July 2019, Zoom released an emergency patch of its software for Mac OS, due to a security vulnerability that could allow people to be spied on through their webcam.
- The Zoom macOS app is indistinguishable from malware and abuses various techniques that allow it to install without you having to click install.
- Zoom has clarified that their service does not provide end-to-end encryption. And there are a number of concerns about who has access to the encryption keys. Zoom may be legally obligated to share encryption keys with Chinese authorities if the keys are generated on a key management server hosted in China. And what’s more, the keys use 128-bit AES encryption and EBC, the worst encryption mode, to encrypt and decrypt the keys.
And it’s not just reporters and information security professionals who take issue with Zoom.
- The UK Prime Minister, Boris Johnson, has used Zoom to run digital cabinet meetings, and now the Ministry of Defence has discouraged use of the service due to security concerns.
- The FBI have issued a warning about teleconferencing and online classroom hijacking, also known as “Zoombombing”.
Obviously businesses will continue to use Zoom. So it is important to know what options are available to make calls more private.
If you are invited to a Zoom meeting or plan to host a meeting, read this Mozilla guide to making Zoom gatherings more private.