Everything you need to know about Zoom security: how to use it correctly and what are the vulnerabilities

CUK77

Zoom is not the safest service, but if you follow a number of rules, its use is quite acceptable.

The coronavirus pandemic has brought completely new technologies into many people's lives: where previously no more than 10 million people around the world used the videoconferencing service with the outlandish name Zoom, today their number has grown twenty-fold at lightning speed. And it continues to grow exponentially.

Suddenly, the video calling service soared to the heights of popularity and took the top spots among the most popular applications in most developed countries. However, it is not only the popularity of the service that has grown: suspicions about Zoom's security are growing every day.

Account for a penny

First of all, the service has already leaked the most valuable information of all: users' personal data not only fell into the wrong hands but was also put up for sale. After Cyble experts discovered posts on hacker forums in the back alleys of the Internet advertising half a million Zoom accounts for ridiculous money ($0.0020 each), it is difficult to argue that the service's security policy is working well.

Meanwhile, numerous recordings of Zoom users' video calls have appeared on the video services YouTube and Vimeo, including classes for schoolchildren, individual psychotherapy sessions, online consultations with doctors and even corporate meetings. In these calls, voices can be heard and children's personal data, financial information about businesses, and patients' names and phone numbers are disclosed.

Yes, Zoom does not record video on its own, but users can do so without the consent of other conference participants. The recordings were probably saved using Zoom services and kept in online storage without password protection.

Not the first misstep

If you think that the company's problems of this kind began with the massive influx of users at the start of the pandemic, that is by no means the case. Back in July last year, cybersecurity experts discovered that a malicious website could open a Zoom video call on Mac computers without the user's permission.

The company quickly patched its software and removed the local web server that created the vulnerability. But then, in January, a new security issue surfaced: experts from Check Point Research published a report on a new flaw that would allow hackers to eavesdrop on calls.

Each Zoom call had a randomly generated 9 to 11 digit identification number, but this did not stop hackers from secretly joining large groups and going unnoticed by the participants in the conversation, hiding "in the crowd." The ID was no obstacle, because the number needed to join was not encrypted.

But Zoom's biggest oversight concerns how it groups users by email. The problem was with Zoom's Company Directory setting, which would automatically add other people to a user's contact list if they signed up with an email address on the same domain.

This was meant to make it easier to find a specific colleague to call when the domain belongs to a single company. But Zoom users quickly noticed that after registering with a personal, unrelated email address, Zoom offered them contacts and personal details for thousands of others as if they all worked for the same company.


Among other things, a new popular movement of mass trolling called "Zoombombing", from the words "Zoom" and "bombing", has sprung up on social networks. Participants in the movement turn up as uninvited guests in other people's videoconferences and do everything they can to disrupt a meeting or conversation. Sometimes it is harmless trolling, but it often reaches the level of stalking.

Ray of hope

So, is it possible to protect yourself even a little against Zoom's many oversights? After all, no one would be surprised if, in the near future, someone's accounts appeared on the screen of an empty Times Square.
  1. For starters, keep up with any updates to the Zoom app. The only thing the company has succeeded in so far is eliminating the vulnerabilities that have been found.
  2. Don't record meetings. If you do decide to record, keep the video in password-protected cloud storage or download it to your PC.
  3. Turn off the file transfer function, because infected links and data are sent through chat far too often.
  4. Your best bet is to use Zoom only on a mobile device such as an iPad or Android phone, as these versions are vetted by the app stores.
  5. Using the options panel, create a new ID for each meeting you start rather than using your personal meeting ID.
The main and most important piece of advice: simply do not use Zoom for important and confidential conversations; for those it is better to turn to messengers with end-to-end encryption. For casual chats with colleagues, or as a substitute for a trip to a bar with friends, Zoom is quite suitable. As a tool for replacing in-person interaction, the program works really well.
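
The Company Directory problem described earlier in the post can be reproduced with a small model of domain-based contact grouping. This is an added example, not part of the original post and not Zoom's code; the sign-ups, the domains and the three grouping policies (naive, denylist, allowlist) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sign-ups (name, email); every domain here is made up.
SIGNUPS = [
    ("Alice", "alice@acme-corp.example"),   # work address
    ("Bob", "bob@acme-corp.example"),       # work address, same company
    ("Carol", "carol@smallisp.example"),    # personal mailbox at a small ISP
    ("Dave", "dave@smallisp.example"),      # unrelated customer of that ISP
    ("Erin", "erin@bigmail.example"),       # personal mailbox, large webmail
    ("Frank", "frank@bigmail.example"),
]
KNOWN_PUBLIC_PROVIDERS = {"bigmail.example"}  # hypothetical denylist
VERIFIED_ORG_DOMAINS = {"acme-corp.example"}  # hypothetical allowlist


def naive(domain):
    return True  # same domain is always treated as same company


def denylist(domain):
    return domain not in KNOWN_PUBLIC_PROVIDERS  # misses unlisted providers


def allowlist(domain):
    return domain in VERIFIED_ORG_DOMAINS  # only domains an admin has verified


def build_directories(signups, should_group):
    """Return {domain: [names]} for domains the policy treats as one company."""
    groups = defaultdict(list)
    for name, email in signups:
        if "@" not in email:
            continue  # malformed address: never auto-group
        domain = email.rsplit("@", 1)[1].lower()
        if should_group(domain):
            groups[domain].append(name)
    return dict(groups)


def exposed_contacts(signups, should_group, name):
    """Names whose contact details `name` would be shown automatically."""
    for members in build_directories(signups, should_group).values():
        if name in members:
            return sorted(m for m in members if m != name)
    return []


if __name__ == "__main__":
    for policy in (naive, denylist, allowlist):
        for user in ("Alice", "Carol", "Erin"):
            print(policy.__name__, user, exposed_contacts(SIGNUPS, policy, user))
```

Under the naive and denylist policies Carol is shown Dave even though they only share an ISP; only the allowlist keeps personal mailboxes out of every directory while still grouping Alice with Bob.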
 