What are Zoom’s security issues? How are they attempting to fix the issues? And what can users do to make their Zoom experience more secure?
As millions of employees are still working from home, the need to use newer software to adapt to remote communications continues to rise. Among those, Zoom is an increasingly popular video-conferencing platform that enables creating or join meetings from anywhere. Amid COVID-19 quarantine practices, Zoom has bloomed as a social communications platform for the public at large.
According to a blog article published by Zoom: in December 2019, Zoom had 10 million daily users. In April, that number skyrocketed to over 300 million daily meeting participants. Its rapid growth in numbers of users has left the platform and its users questioning its security.
For one, the term “Zoom bombing” is very real. This term is used when random people join a meeting by cracking a meeting ID and joining. If a meeting ID or password is not secured properly, intruders can find ways to mine in online.
Zoom bombing is not the only issue with Zoom’s access security. Zoom was investigated by the office of the US Attorney General, and some lawsuits were filed subsequently with the discovery that Zoom was sharing data with Facebook.
Zoom Acknowledges Company's "End-to-End Encryption" Marketing Practices Masked Truth
AES-256 encryption was meant to be implemented to keep video calls secure. However, Zoom implemented a substandard AES-128 key in ECB mode, which violates privacy security requirements. Some business enterprises have banned employees from using Zoom until the security can be improved upon. For these reasons, companies like Google, SpaceX, and multiple education departments have banned the use of Zoom.
In the wake of its multiple cybersecurity issues, Zoom has taken some security measures to help protect users. Among them, all users will now have passwords and meeting “waiting rooms” to help prevent “zoom bombing”.
On April 5, Zoom announced that they would enable the “Waiting Room feature and two meeting password settings for all Basic and Pro users with a single license, including K-12 education accounts who have the 40-minute limit temporarily waived.” In a blog post, a Zoom spokesperson said that it would be rolling out a new security update to the software, focusing on improved encryption. Zoom 5.0 will begin use of AES 256-bit encryption for increased privacy protection and was enabled on May 30.
How to Keep Your Zoom (and other visual conference) accounts and meetings safe and secure
1. Protect your meetings with a password.
The easiest way to prevent intruders is to set a password for your meeting. Ensure that when the password is shared with attendees that it is sent via a private channel to prevent “zoom bombing”.
2. Lock your meeting
Once a meeting has begun, you can manage the meeting participants. Locking your meeting will disallow further attendance, even with the password or meeting ID, once it has been locked.
3. Turn off screen sharing
Disabling screen sharing may prevent unwanted images or videos from being shared, whether accidentally by a legitimate meeting participant or a “Zoom bomber”. Screen sharing may be easily re- enabled during the meeting, as needed.
4. Use a random meeting ID
While it may be convenient to use the same ID for each meeting, that may create vulnerability. Randomly generating IDs for each meeting is the first step to preventing intrusions.
5. Check for updates
As security issues are discovered and patches are rolled out, make sure you are using the latest build of the software for maximum security. Check often for security updates and make sure to apply them! For years, Vigilant Technologies has helped clients transition to remote work, and cybersecurity is among our specialties.
About Vigilant Technologies
Vigilant Technologies is an information technologies leader in cybersecurity, cloud services, business continuity, disaster recovery, server consolidation, and infrastructure assessment and management. Vigilant serves both government and private sector enterprises with innovative information technology solutions. Vigilant Technologies, LLC is a veteran-owned, privately-held corporation with headquarters at 4500 S. Lakeshore Dr., Suite 410 Tempe, AZ 85282.
Carl Ingram, owner and Chief Information Officer is dedicated to creating Artificial Intelligence technologies that will revolutionize, streamline, and optimize business operations. He holds two U.S. Patents in Information Technologies. Please visit our Services page for a full repertoire of IT support services that Vigilant Technologies provides.