In light of recent events, we wanted to post updates surrounding the popular conferencing app Zoom. The app has gained major popularity amidst this remote climate, however, all that growth comes with a cost. There have been multiple security concerns brought up & we wanted to do our best to summarize what has occurred & has been fixed. Additionally providing some additional tips to help stay secure going forward.
Major Events Timeline:
May 26th- Motherboard Investigation reveals Zoom’s iOS App had been sending data from users to Facebook. Data such as device model, OS, and specs however not personal info.
March 27th- Zoom patches iOS App to shut down sending of data to Facebook
A day later Zoom acknowledged the “feature” & sent out an update to prevent this going forward
March 30th- FBI Issues warning around “Zoom-bombing” & Bugs Galore
After rampant reports of users having their meeting hijacked by external parties, the FBI issued a public warning to users of Zoom to ensure their meetings aren’t left public or share links to said meeting to the public alongside other tips we’ll list below.
Around the same time, multiple bugs were brought public such as the Mac OS installer bug which revealed that Zoom had been using a technique to install the app on user’s macs before they even clicked “install” more about that here. Other bugs included the fact end to end encryption wasn’t used as promised by Zoom, hacks discovered that allowed zoom user microphone & webcam access.
April 1st-4th CEO Addresses Issues (multiple times)
Zoom CEO Eric Yuan published this blog post addressing the aforementioned bugs & reports. Announcing all feature updates would be put on pause to address all security concerns over the next 90 days. Apologizing multiple times following that as more bugs came to light.
“I really messed up as CEO, and we need to win their trust back. This kind of thing shouldn’t have happened”
What Zoom is doing/has done:
-
Frozen all feature update for 90 days to focus on security
-
Enhanced bug bounty program & hired third party firms to help ensure security is up to par
-
Updated iOS app to patch data that was being sent to Facebook
-
Re-wrote their Privacy Policy
-
The Pre-installer has been patched so the user to manually prompt to install the software
What you can do?
That all said as Zoom continues to work on fixing its issue what can you as a user do to stay safe on the platform?
Prevent Zoombombs–
-
Be mindful of who you share a meeting ID with
-
Using a random ID vs the PMI or Personal Meeting ID for all meetings (See how to turn off that feature here)
-
You can enable passwords on a meeting forcing users to type it in even if they have the Meeting ID
-
Enable a Waiting Room so you have to approve users prior to them joining a meeting
Restrictions–
-
Go to your Zoom Settings & you have the option to disable screen sharing other than you the host. Click on “In A Meeting (Basic) then Screen sharing.
If you’re still concerned about using the Zoom platform as always there are multiple platforms you can consider using such as Google Meet, Slack, Lifesize & much more. We at Network Right value our customer privacy & security & thus want to keep them up to date on the latest happenings on the software they & their teams may be using. Following the above will help you stay safe & ensure your following best practices amidst all of these concerns.
