The curious case of Zoom: The video conferencing software that is snowballing

Work from home culture has brought in a substantial amount of economical, physical and financial changes to the way businesses operate. With people being locked down inside their homes, virtual communications have become more of a routine now.

With more people relaying on video conferences for their work, education, seminars, conferences and other business related communications, ‘Zoom‘ the video conferencing software saw a remarkable growth in it user counts, active sessions and traffic.

Zoom was built for enterprise users only, but to their fortune it is now being used even in the education sectors for remote learning and Zoom has facilitated the classroom setup procedures with their guide for administrators. 

Why is Zoom being questioned for cybersecurity?

With increased scope of usability this video conferencing software, had numerous in-built security issues that need to be addressed. The overall user count has increased from 10 million to 200 million in matter of weeks. With this huge rise in user counts, Zoom needs to fix its security issues before proceeding with any other new feature development. 

We have gathered a list of security issues that Zoom needs to address, 

1. Zoom’s Mac app gets installed without user consents just like a random mac malware and this is criticized by security researchers. Later, Zoom went ahead and fixed the same few days back.
2. Similar to the anonymous data collection process mentioned above, another data mining process where users details are matched with Linkedin, and the attendees details are matched with Linkedin’s Sales Navigator to identify the person and know more about the individual. Later, Zoom went ahead and disabled this option.
3. Zoom’s iOS app is sending analytics data to a social media, without users’ consent.
4. The privacy policy states, ‘Zoom’ does fetch data like users, conferences, transcripts and other notes to sell it to third party data management companies for profit. After the escalation on this, ‘Zoom’ has revised its privacy policy and is no longer selling the data.
5. An attendee tracker is a feature which tracks whether the attendees are active on Zoom’s tab. This feature was later removed by Zoom along with the privilege of the host to read the private messages exchanged during the call, when the call is recorded locally.
6. While Windows isn’t a exception, Zoom’s Windows version had some critical vulnerabilities which would allow an attacker to infiltrate the network using UNC patch injection vulnerability and execute arbitrary commands in the device. Later, Zoom went ahead and patched the same on April 2, 2020.
7. A tool called ‘ZwarDial’ can provide you details of Zoom meetings, as and when you type the Zoom meeting id’s. Researchers have created this tool and said they could find around 100 meetings per hour publicly available and without any password.
8. Threat from Zoombombing, which takes advantages of the video calls and virtual meetings appears to have cornered Zoom, as it can hijack the calls to broadcast any videos during the meeting or the call. Later, Zoom introduced a feature called ‘Waiting room’, through which the host can control the entry of attendees through a meeting password and prevent random hijacks.
9. Albeit Zoom claim its communications to be end-to-end encrypted, researchers have proved it wrong. If Zoom’s, cloud recording or dial-in telephone option is enabled, then the decryption key is now with the Zoom’ cloud infrastructure and can be used for decryption. This key can even be stolen by hackers resulting in data breaches.

Is it advisable to use Zoom?

Zoom is a video conferencing software that was initially built for enterprises, but considering its sudden jump into the Chinese and other markets, it is doing a tremendous job in handling the load, being transparent and fixing issues on time.

Zoom’s CEO, Eric S.Yuan, has also mentioned that they are going into 90-days freeze and they won’t be developing any new features until the existing security mishandling is resolved.

Furthermore, even some security researchers are in support of Zoom, as it is facilitating organizations during this crisis and the video conferencing software manufacturer is doing the best to resolve their security misconfigurations.

The main concern is Zoom’s in-house encryption model, and other aesthetic features that smoothes the meeting without any friction or lags. 

However, as per ‘The Cybersecurity Times’, users can continue using Zoom, if the meetings doesn’t involve business sensitive informations. Moreover, the educational sectors can go ahead and use this software for their remote classrooms. Furthermore, for those who are concerned about Zoom’s security still, watch out for our next article that will discuss Zoom’s alternatives. 

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.