How Safe is Zoom App?

This post is also available in: עברית (Hebrew)

The Zoom video conference app has seen a huge rise in downloads since quarantines were imposed around the world. Public Zoom hangouts and working meetings have become popular now that so many people are remote workers and looking for social gatherings. However, as the default settings of the service are configured in the expectation of trust between participants, there appeared new risks of privacy invasions, phishing attacks, and “zoombombings” – uninvited guests abusing the popular video service to broadcast shocking imagery to all, from pornography to violent imagery. 

Moreover, security experts have said the file transfer feature that is switched on by default could be used to spread malware.

In the UK, questions were raised such as how secure the use of the app was for government meetings. The MoD told the bbc.com that Zoom had never been used for high-security meetings, but continued to be a tool for cross-government chats.

A Cabinet Office spokesperson specified: “In the current unprecedented circumstances the need for effective channels of communication is vital. National Cyber Security Centre guidance shows there is no security reason for Zoom not to be used for conversations below a certain classification.”

Zoom announced: “Globally, 2,000 institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare and telemedicine practices have done exhaustive security reviews of our user, network and data center layers confidently selecting Zoom for complete deployment.”

Another challenge derives from one Zoom feature which allows hosts to tell if guests are looking at a window other than the Zoom chat. While it could be perfect for bosses who want to ensure their employees are paying attention, it is still an unexpected invasion of privacy for many, according to theguradian.com.

In one of the incidents, the service’s iOS app was sending some analytics data to Facebook, even if users did not have a Facebook account. The company said in a statement: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only the host can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining.”

Colin Tankard, the managing director of Digital Pathways, a cybersecurity company, said the technical security of Zoom was strong and protected callers against eavesdropping. He said: “The security risks using such services hinge more around how secure your password is in gaining access to your conference dashboard, as if weak passwords are used, a hacker could copy the meeting ID and then connect during the call hiding their identity or appearing as a valid caller.”