As COVID struck the world by surprise, organizations continued their work remotely and started using platforms like Microsoft Teams, Google Meet, GoTo Meeting, Cisco Webex, and Zoom on a massive scale. With this technological shift worldwide, we depend on such video conferencing platforms to host virtual meetings and make collaboration more convenient. Information shared in these virtual meetings needs to be protected. This is why security and privacy are key features that users prioritize when picking their preferred video conferencing solution.
Of all the video conferencing platforms in the market, Zoom has seen an exponential amount of growth, especially during the COVID-19 pandemic. Zoom was created in 2011 by Eric Yuan, who previously helped develop Cisco’s Webex. Since its launch, Zoom grew to have 40 million users by 2015. With the hit of the COVID pandemic in 2020, Zoom had over 300 million daily meeting participants by April 2020. Zoom became a unicorn, reaching a valuation of $1 billion by January 2017, and is currently valued at over $42 billion (as of Feb 2022). This staggering success has drawn attention to the company’s security safeguards and privacy assurances.
The Intercept (an American non-profit news organization) has uncovered that, despite the company’s marketing promises, Zoom video communications are not end-to-end secured. According to Motherboard (the tech wing of Canadian-American magazine Vice), Zoom is exposing “at least a few thousand” email addresses daily. Personal email addresses used on Zoom are considered as belonging to the organization hosting the official meeting. Zoom was criticized once more for its “attendee monitoring” function, which, when enabled, allows a host to see if participants are leaving the main Zoom window during a conversation.
Zoom has been accused of having several security flaws. Here are a few more security issues raised against Zoom:
The Infamous Zoombombing
Zoombombing is a type of cyber-harassment in which an unauthorized individual or group disrupts online meetings through the Zoom video conferencing platform. “Zoombombers” or hackers use open or unprotected meetings and lousy default settings to control screen-sharing and display explicit or obscene content during ongoing discussions. The FBI issued a warning in 2020 to users to change their settings to avoid the hijacking of video conferences.
Discreet ties with the Government
Zoom has been condemned for failing to be transparent about its law enforcement inquiries. Access Now, a privacy and rights organization, has asked Zoom in an open letter to share the number of requests it gets on a semi-annual basis, like Amazon, Google, Microsoft, and many other corporate giants do. On April 1, 2020, Eric Yuan responded to Access Now’s letter and stated that they are “preparing a transparency report that details information related to requests for data, records, or content,” among other measures to improve transparency. During the same period, however, the company was battling a class-action lawsuit in California over its negligence on security.
Selling Data to Facebook
Users’ behavior data on Zoom was secretly being transferred to Facebook, even if the user did not have a Facebook account. According to Motherboard, the iOS Zoom app told Facebook when the user opened the app, the device model, which phone carrier they used, and other information. Zoom disabled the code in response, but not quickly enough to avoid a class action lawsuit or an inquiry by New York’s attorney general.
The Secret of Personalized Ads
Zoom also changed its privacy policies in 2020 after being criticized because they allowed Zoom to gather information about user meetings, such as recordings, transcripts, and shared notes, for advertising purposes.
4+ million Webcams Breached
Over the years, you may have heard about some of these Zoom security breaches in the news. And while most don’t appear to be all that horrible, it’s remarkable how few people are aware of the largest and most essential one. In short, a catastrophic security flaw uncovered in 2019 affected over 4 million computing devices globally. If you were affected, all you had to do was click a single malicious link. Not only could your webcam be hijacked, but attackers could also get complete control of your computer in certain circumstances. And all of this would happen without you having to open Zoom or even install it.
Secret Local Server
While installing the application, Zoom discreetly sets up a local server that looks like any other server to web browsers. The Zoom meeting site did not communicate directly with the app it eventually launched. Instead, it communicated with a separate, undisclosed server running on the same computer. The local server was supposed to speed up the re-installation process, but it silently did much more.
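A local server that answers web browsers will hear from any page the browser loads, so it has to decide whose requests to act on and where an installer may come from. The sketch below is an added example, not Zoom's code: the port, origin, download host and function names are hypothetical, and it contrasts a helper that obeys every request with one that checks the caller and pins the installer source.

```python
from urllib.parse import urlsplit

# Hypothetical values for illustration; none come from Zoom's software.
PORT = 8765
ALLOWED_ORIGINS = {"https://meetings.example.com"}
INSTALLER_HOSTS = {"downloads.example.com"}


def naive_helper(headers, params):
    """The design the article describes: obey any page, fetch any URL."""
    return ("install", params.get("installer_url"))


def hardened_helper(headers, params):
    """Return ("install", url) only for a trusted caller and source."""
    # Host must name the loopback listener, which defeats DNS rebinding.
    if headers.get("Host") not in {f"127.0.0.1:{PORT}", f"localhost:{PORT}"}:
        return ("reject", "unexpected Host")
    # Browsers omit Origin on some cross-site GETs (image loads, for one),
    # so a missing header is treated the same as an untrusted one.
    if headers.get("Origin") not in ALLOWED_ORIGINS:
        return ("reject", "untrusted Origin")
    # The installer source is pinned here, never taken on the caller's word.
    url = params.get("installer_url", "")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for an out-of-range port
    except ValueError:
        return ("reject", "malformed URL")
    if (parts.scheme != "https" or parts.hostname not in INSTALLER_HOSTS
            or "@" in parts.netloc or port not in (None, 443)):
        return ("reject", "installer source not allowlisted")
    return ("install", url)


# Constructed requests: (headers, params) as a local HTTP handler sees them.
GOOD = ({"Host": "127.0.0.1:8765", "Origin": "https://meetings.example.com"},
        {"installer_url": "https://downloads.example.com/client.pkg"})
NO_ORIGIN = ({"Host": "127.0.0.1:8765"}, GOOD[1])
OTHER_SITE = ({"Host": "127.0.0.1:8765", "Origin": "https://other.example"},
              {"installer_url": "https://downloads.example.com@files.example/x"})
REBOUND = ({"Host": "rebind.example:8765",
            "Origin": "https://meetings.example.com"}, GOOD[1])

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("no-origin", NO_ORIGIN),
                      ("other-site", OTHER_SITE), ("rebound", REBOUND)]:
        print(name, naive_helper(*req)[0], hardened_helper(*req))
```

The naive helper returns "install" for all four constructed requests; the hardened one accepts only the first.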
Installation File or a Trojan Horse?
The local server did not just re-install Zoom from a specified source. Instead, it obtained the installation URL directly from whichever website the local server contacts. Hackers can modify the local servers and connect the installation process to whichever site the local server directs it