Zoom Vulnerabilities & How to tackle them

We are living in hard times. Coronavirus has forced more than 130 countries into some form of lockdown and has crippled the world economy. Most countries are reducing their GDP forecasts, most businesses are bracing for massive losses, and a recession is now surely on the cards. But even in this economic bloodbath, there is one company whose shares have skyrocketed: Zoom, the maker of the video conferencing app. Zoom has gained more than 190 million users in just three months. But with this sudden rise, the company has come under scrutiny over several security issues. Recently, the Ministry of Health Affairs (MHA) in India also red-flagged the Zoom app, stating that the app is not safe for individual users, and issued guidelines on how to use the platform securely. According to MHA, users who use Zoom without the necessary precautions are exposed to cybercrime, with valuable data such as the details of meetings and the conversations in those meetings at risk of being leaked.

The rise of zoom

Zoom had roughly 10 million daily active users as of December 2019. Now the number has spiked to an all-time high of 200 million daily active users. That’s a 20-fold gain in the number of users in a span of just three months, for a company that has been around for the past eight years. Many people refer to this exponential rise as the “Zoom boom”. Not only individuals but businesses, colleges, schools, churches, and even governments all around the globe are using this tool to meet virtually and carry out their daily work while following social distancing. But with this rise in the number of users, the company has also witnessed a staggering rise in the number of reported security issues and loopholes in the app.

The issues that followed

One of the predominant issues is “Zoom bombing”. For every Zoom call, you get a Zoom ID that is specific to that call. If you haven’t turned on certain security features, anyone with that Zoom ID can join the call, listen to the conversation, and also share their own content. That has become a problem because scammers are randomly generating these Zoom IDs with an automated script to get into random Zoom calls. According to a report published in The Verge, an automated script that can identify up to 100 active Zoom calls per hour was easily accessible over the internet. This is a serious issue, as the culprit can listen to all the private conversations and also broadcast objectionable content in those calls.

The other issue is that Zoom is selling its iOS users’ analytics data to Facebook without explicit consent, even if users don’t have an account with the social networking giant. It transfers data such as the user’s device model when the user opens the app, along with other information such as the time zone and city from which the person is accessing the app. This has raised quite a few eyebrows, as Zoom users were not aware of this happening, nor does the app explicitly say in its privacy policy that it sends data to Facebook.

A blast from the past…

The sudden increase in users might be a surprise for Zoom’s owners, but the security issues are not. In June 2019, Apple, the iPhone maker, had to release an update specifically to deal with a security flaw in the Zoom software that could remotely turn on a person’s webcam. MHA has also issued several warnings in the past, specifically in February and March, highlighting the vulnerabilities of this app. Zoom has also faced disputes over its end-to-end encryption claims.

How to protect yourself?

MHA has issued a handful of precautions and guidelines that can be adopted. The easiest and most important is setting a user ID and password for each meeting. Other measures include enabling the waiting room, so that each user can enter only when the host conducting the meeting admits them, and using a personal meeting ID over the randomly generated ID. Allowing screen sharing by the host alone and disabling ‘allow removed participants to re-join’ are further options that can come in handy. Locking the meeting once all the attendees have joined and restricting the recording feature are steps that have also proved helpful.

Nitin Gupta
Nitin is a software engineer from Gurugram, Haryana. He is an avid reader, tech-savvy, and a sports enthusiast. He is quite versatile and loves to try his hand at every different field. Surely a fun person to hang out with!