The dramatic increase in the number of Zoom users has been noticeable during the last months. In fact, just in 3 months, the number of users jumped from 10 million to 200 million (About 20 times more than before). Their stock price has seen an incredible increase in price, duplicating in the first quarter of this year.
But the number of concerns has skyrocketed as well.
Zoom conferencing has always been a useful tool for virtual classes, work meetings, and even long-distance get-togethers. The basic plan is completely free and supports up to 1000 participants per meeting so it is convenient and useful for many purposes.
The fact that sensitive information might be shared during meetings will push hackers and scammers to do everything in their power to exploit every single security flaw they can get their hands on. This makes zoom software a target, and as some security professionals say, the software creates a big “attack surface”.
Just by itself, the app does not propose a risk. But with everything that’s been going on and the abrupt increase in demand, it is clear that they were not prepared for such a growth.
What Are The Safety Concerns?
Accounts For Sale
Personal privacy issues are really serious. Criminal marketplaces take advantage of hacked accounts and personal information, profiting from selling this information to other criminals. Right now there’s the concern that possibly more than 500,000 zoom accounts are being sold in these places.
Although it is a serious concern, this issue can’t be directly attributed to Zoom as it usually happens due to a lack of security measures from the user’s side. If at some point in the past your information has been breached or your passwords are weak and reused, the hacker just needs to use those credentials to gain access.
Zoom’s Weak Encryption
It’s been found out that Zoom’s end-to-end encryption is actually not as good as they have told us. According to them, its video and audio data is encoded using AES-256 while in reality they use the slightly weaker AES-128 encryption with an algorithm that preserves patterns of the original file.
Zoom has admitted that their definition of end-to-end encryption is not the same as everyone else’s. They explain that this encryption is considered as a connection from endpoint to endpoint. And Zoom servers are considered an endpoint. Everyone else considers an endpoint to be a user’s device not a server.
Zero-day Exploits On Sale
Apparently there are two zero-day exploits that allow hackers to get full control of a target’s computer. However, for this to happen you would have to use a Windows Operating System and need to be on the same zoom call that the attacker. There is another exploit for sale but is for MacOS and apparently not as serious as the former.
Zero-day exploits are security flaws found by hackers that are still unknown to the rest of the people, including the developers. This is actually pretty common and usually not so serious. That’s why it is always so important to keep your software up to date as every update tends to address these issues…
Zoom video conferencing is supposed to be private. And it is definitely not funny when you’re in an important meeting and suddenly a stranger joins and starts sharing pictures and talking.
In fact, the implications can be serious. Even the FBI has commented on this issue stating that hacking into a teleconference can be charged with state or federal crimes.
While the meeting URLs are being addressed by Zoom, there are also a few ways the host can avoid this. The first one and most obvious is to not share a meeting ID with anyone who is not supposed to attend. Also, requiring a password to log into the meeting (unless the password is really weak and easy to guess there is no way that someone without it could hack a meeting).
Zoom Private Chats
Private chats are not so private. Remember this the next time you’re video conferencing.
It is not that the chats are completely available for the general public but once a meeting is over, the full conversation will be available to the host in the end-of-meeting transcript. In other words, the host can read what you write there.
Just imagine making fun of someone in a private window during a video conference. Realistically speaking this is something that many people would do, especially during a long meeting. But once the meeting is over, the host will be able to read that. And it will probably stop being funny.
This feature is completely against the point of a “private”, but it is the way it works right now. So better not use that private window unless you are sure of what you’re writing and aware of who can read it.
Zoom Installer With Malware
This does NOT mean that Zoom is distributing malware with their installation package. In fact, it is not a problem exclusive to them as basically you can get malware with any piece of software that is installed from an unknown or unofficial source.
Hackers distribute a copy of the installation software after tampering with it by adding a piece of software that uses your computer’s CPU and GPU to generate new cryptocurrencies, thus being profitable for the malware developers.
There are two ways you can avoid getting affected by installation malwares. First, only download the latest installers directly from the official webpage or a trusted source. Second, use a reliable antivirus in your computer.
So is Zoom Safe To Use?
If you put into practice at least a minimum of security measures Zoom is safe to use. Despite all the fuzz around the app, it is still even more secure than other apps on the market.
Keep in mind that there are many factors affecting the platform’s performance right now. The number of users grew more than 20x in just 3 months, and on top of that, this dramatic increase in users also attracted an incredible amount of hackers trying to take advantage of it.
Zoom CEO and founder Eric S. Yuan acknowledged this In a blog post on April 1.
“We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,”
As for now, Zoom is expected to grow even more until eventually becoming the most secure video conferencing tool available. But as Kim Zetter said “…too bad they didn’t save themselves some grief and engage in some security assessments of their own to avoid this trial by fire.”