Unless you’ve been *really* socially distant this past month, you’ve certainly heard of Zoom.
Zoom.us is a video and audio meeting platform. Their “About” states: “Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems.”
Though Zoom has been around since 2011, the platform’s use has mega-increased since social distancing measures have become the new normal. In fact, according to CNBC, Zoom’s daily users increased from 10 million in December 2019 to 200 million in March 2020.
And guess what also came along with all that new use and growth? Security issues.
Now, we’re confident you already know how important online security is. We know, you know, we all know! However, maintaining privacy on the internet is a topic we continue to write about because the world is ever-changing, and tech platforms continue to get hacked or not have proper privacy standards. So, this week, we’ve decided to highlight a few recent tech privacy issues — issues that include Zoom.
Zoom’s Not *Exactly* Secure
Since working from home has become the new normal for many people, employers and others have started using Zoom for meetings. However, users who chose to use the video meeting platform’s free tier have recently experienced some inevitable problems.
Zoombombing
According to The Verge, Zoom recently turned on “passwords and waiting rooms for meetings by default for users on its free tier and those with a single license on its cheapest paid tier in an effort to help prevent ‘Zoombombing.’”
Zoombombing is when an uninvited person enters a Zoom meeting and shares porn or other “shocking images,” The Verge reported.
“Zoom passwords were already turned on by default for new meetings, instant meetings, and meetings you joined with a meeting ID,” The Verge added. However, as of April 5, passwords will “be turned on for previously scheduled Zoom meetings,” too.
So, when an individual chooses to join a meeting, they will need to wait for the meeting host to let them in from a virtual waiting room.
Encryption and Data Problems
Although we’re happy Zoom is working on its meetings’ privacy, Mashable reported that Zoom has other privacy issues people should consider, too.
According to Mashable, Zoom has mined “data from users’ computers.” Also, Zoom’s meetings aren’t fully encrypted.
The Intercept reported on these privacy issues at length:
The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to secure HTTPS websites. This means that the connection between the Zoom app running on a user’s computer or phone and Zoom’s server is encrypted in the same way the connection between your web browser and this article (on https://theintercept.com) is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings.
So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company. (In a statement, Zoom said it does not directly access, mine, or sell user data; more below.)
Apple Webcams Recently Required a Privacy Patch
According to Wired, Ryan Pickren, a security researcher, discovered some “vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target’s webcam and microphone on iOS and macOS devices.” Doesn’t that just make you feel so safe?
Wired has reported that thankfully, Apple was able to patch the “vulnerabilities” through updates released in January and March. However, before the patches were released, “all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.”
“Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone and camera access,” Pickren said to Wired. “So what an attacker could do with this kill chain is make a malicious website that from Safari’s perspective could then turn into ‘Skype.’”
Pickren continues that then, “the malicious site [would] have all the permissions that you previously granted to Skype, which means an attacker could just start taking pictures of you or turn on your microphone or even screen-share.”
What This Means for You
Keep up all your online safety protocols, and never get comfortable.
The internet is a great place to work, make content and meet up with friends, but we all have to continue doing our due diligence to keep our livelihoods and privacy secure.
—
Abbie Stutzer is a queer, non-binary writer living in Kansas City, MO. You can find them doing witchy stuff at home with their numerous pets or at the local animal shelter saving lives. Contact Stutzer via abbie@ynotcam.com.
Background header image via Pexels here.
