The number of Zoom users has increased dramatically over the last few months. In just 3 months, it jumped from 10 million to 200 million (about 20 times more than before). Zoom's stock price has also risen sharply, doubling in the first quarter of this year.
But the number of concerns has skyrocketed as well.
Zoom conferencing has always been a useful tool for virtual classes, work meetings, and even long-distance get-togethers. The basic plan is completely free and supports up to 1000 participants per meeting, so it is convenient and useful for many purposes.
The fact that sensitive information might be shared during meetings will push hackers and scammers to do everything in their power to exploit every single security flaw they can get their hands on. This makes the Zoom software a target and, as some security professionals say, the software creates a big “attack surface”.
By itself, the app does not pose a risk. But with everything that’s been going on and the abrupt increase in demand, it is clear that Zoom was not prepared for such growth.
What Are The Safety Concerns?
Accounts For Sale
Personal privacy issues are really serious. Criminal marketplaces take advantage of hacked accounts and personal information, profiting from selling this information to other criminals. Right now, the concern is that possibly more than 500,000 Zoom accounts are being sold in these places.
Although it is a serious concern, this issue can’t be directly attributed to Zoom, as it usually happens due to a lack of security measures on the user’s side. If at some point in the past your information has been breached, or your passwords are weak and reused, the hacker just needs to use those credentials to gain access.
Zoom’s Weak Encryption
It has been found that Zoom’s end-to-end encryption is actually not as good as the company has told us. According to Zoom, its video and audio data is encrypted using AES-256, while in reality it uses the slightly weaker AES-128 encryption with an algorithm that preserves patterns of the original file.
Zoom has admitted that its definition of end-to-end encryption is not the same as everyone else’s. The company explains that it considers this encryption to be a connection from endpoint to endpoint, and that Zoom servers are considered an endpoint. Everyone else considers an endpoint to be a user’s device, not a server.
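The pattern-preserving behaviour mentioned above is what happens when each block is encrypted independently, commonly known as ECB (electronic codebook) mode. The following is an added example, not code from Zoom or from the original article: it uses a toy Feistel cipher as a stand-in for AES (an assumption made so it runs with the Python standard library only), a constructed sample frame, and hypothetical function names, and compares repeated ciphertext blocks in block-by-block mode against counter mode.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per block (128 bits, the AES block size)

def _round(key, rnd, half):
    # Feistel round function: keyed hash of one 8-byte half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def toy_encrypt_block(key, block):
    # Stand-in for AES (NOT AES, never use for real data): 4-round Feistel.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, rnd, right)))
        left, right = right, mixed
    return left + right

def encrypt_blockwise(key, data):
    # Pattern-preserving mode: each block is encrypted on its own, so equal
    # plaintext blocks always produce equal ciphertext blocks.
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def encrypt_counter(key, nonce, data):
    # Counter mode: encrypt nonce||block index and XOR it into the data, so
    # the position changes the output even when the plaintext repeats.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        pad = toy_encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], pad))
    return bytes(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return sum(n - 1 for n in Counter(blocks).values())

# Constructed sample (length is a multiple of BLOCK): a "frame" with large
# uniform regions, such as a plain background behind a speaker.
KEY = b"constructed-demo-key"
NONCE = b"\x00" * 8  # fixed only for this demo; a real nonce must never repeat
FRAME = b"\x10" * 96 + b"\x80" * 32 + b"\x10" * 64

if __name__ == "__main__":
    print("block-by-block:", repeated_blocks(encrypt_blockwise(KEY, FRAME)))
    print("counter mode:  ", repeated_blocks(encrypt_counter(KEY, NONCE, FRAME)))
```

A high count of repeated blocks in ciphertext is a quick sign that the mode leaks the structure of the data, whatever the key length.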
Zero-day Exploits On Sale
Apparently there are two zero-day exploits that allow hackers to get full control of a target’s computer. However, for this to happen you would have to be using a Windows operating system and be on the same Zoom call as the attacker. There is another exploit for sale, but it is for macOS and apparently not as serious as the former.
Zero-day exploits are security flaws found by hackers that are still unknown to everyone else, including the developers. This is actually pretty common and usually not so serious. That’s why it is always so important to keep your software up to date, as every update tends to address these issues…
Zoom video conferencing is supposed to be private. And it is definitely not funny when you’re in an important meeting and suddenly a stranger joins and starts sharing pictures and talking.
In fact, the implications can be serious. Even the FBI has commented on this issue, stating that hacking into a teleconference can lead to state or federal charges.
While the meeting URLs are being addressed by Zoom, there are also a few ways the host can avoid this. The first and most obvious is to not share a meeting ID with anyone who is not supposed to attend. The second is to require a password to log into the meeting (unless the password is really weak and easy to guess, there is no way that someone without it could hack a meeting).
Zoom Private Chats
Private chats are not so private. Remember this the next time you’re video conferencing.