I know that this COVID-19 lockdown, along with social distancing, has been difficult to handle for many. But imagine how bad things would be if we didn’t have the technology we have at our disposal.
One such thing, be it a blessing or a curse, is the Zoom app, the teleconferencing and video chat software. Nothing has exploded in popularity since the start of the global pandemic quite like the Zoom app.
As in life, there is a good side and a bad side to everything. Recently, I heard stories of companies like Google and SpaceX, agencies like NASA and the Australian military, and the entire government of Taiwan banning their people from using Zoom.
That’s my job to find out.
Are Issues With The Zoom App New?
There have been a number of well-publicized security problems with the Zoom App. Now this is a bit strange, because we don’t really worry all that much about our video calls on other platforms being broken into.
I mean, when’s the last time you worried someone was gonna hack into your call on a platform like Skype, Google Hangouts (Google Duo, Allo and Meet are all apps that serve the same purpose), or even Facebook Messenger(!)?
What Issues in the Zoom App Are We Talking About?
Well, it turns out Zoom has actually had security issues for a while, but many of them are just now coming to light due to its recent burst in popularity.
The Summer of 2019: (Zoom App on Macs)
Back in the summer of 2019, there was a widespread security flaw on Mac systems where Zoom’s installer would effectively turn your computer into a server without telling you. This made it much easier for a stranger to add themselves to your conference and look through your webcam with just a single click!
The “feature” was put in place to make it easier to jump into meetings without additional clicks because this type of web server feature accepted connections that normal browsers wouldn’t.
We all trade security for convenience every day, but this went a little too far, don’t you think?
Apple actually ended up issuing a macOS patch to fix the problem, but since then, a number of other issues have been discovered.
Zoom Security Issues: Email Vulnerabilities
This one was a relatively easy way to bypass email confirmation and gain access to any account whose email address was known. An attacker could reach the confirmation page simply by reusing the ID tag from the sign-up page’s URL, without ever having had access to the email account!
And, because of how Zoom App’s permissions work, a simple attack like this could actually allow an outsider to access all accounts associated with a domain if the compromised account is from a company rather than an individual.
Meaning? Say you have a company email address, such as email@example.com. If that account were attacked, every account on the same company domain (firstname.lastname@example.com and so on) could be accessed!
Although that issue has been fixed, Zoom App’s encryption is still rather weak.
False Advertising or Straight-Out Lies?
In early April of 2020, researchers discovered that the encryption Zoom App used at the time was actually AES-128, not the advertised AES-256, which is much more secure.
Perhaps a larger issue for most people though, is how easy it is to find Zoom meetings without even breaking any encryption.
Attackers have had success rapidly trying random IDs until they found some that were active, making it simple for them to break into meetings and sometimes transmit disruptive or offensive audio and video, a practice dubbed Zoom bombing.
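A defender-side sketch of how a meeting service could spot the ID guessing described above. This is an added example, not Zoom's code; the log format, addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed join-attempt log lines: '<timestamp> <source> <meeting_id> <result>'."""
    base = datetime(2020, 4, 2, 10, 0, 0)

    def at(sec):
        return (base + timedelta(seconds=sec)).isoformat()

    # A real participant who mistypes the ID once, then joins.
    lines = [f"{at(0)} 192.0.2.10 123456780 not_found",
             f"{at(20)} 192.0.2.10 123456789 joined"]
    # A client retrying the same wrong ID: many misses, but only one distinct ID.
    lines += [f"{at(5 + i)} 203.0.113.5 222333444 not_found" for i in range(7)]
    # A scanner: a different nonexistent ID every two seconds.
    lines += [f"{at(30 + 2 * i)} 198.51.100.7 {500000000 + 7919 * i} not_found"
              for i in range(8)]
    return sorted(lines)  # ISO timestamps sort chronologically


def find_id_scanners(lines, window=timedelta(seconds=60), max_distinct_misses=5):
    """Return {source: time of first alert} for sources that miss on more than
    max_distinct_misses different meeting IDs inside one sliding window."""
    misses = defaultdict(deque)   # source -> (time, meeting_id) misses in window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "not_found":
            continue              # malformed line or a successful join
        when, source, meeting_id = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        recent = misses[source]
        recent.append((when, meeting_id))
        while when - recent[0][0] > window:
            recent.popleft()      # drop misses older than the window
        if source not in flagged and len({m for _, m in recent}) > max_distinct_misses:
            flagged[source] = when
    return flagged


if __name__ == "__main__":
    for source, when in find_id_scanners(build_sample_log()).items():
        print(f"possible meeting-ID scan from {source}, first alert at {when}")
```

Counting distinct missed IDs rather than raw failures keeps a participant who retries one mistyped ID from being flagged alongside a source that walks through many IDs.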
And to top it all off, Zoom has been routing lots of traffic through servers in China. Unlike other countries, which have strong privacy protections for user data, China’s government doesn’t need a warrant to see what’s happening on servers located inside the country at any given time!
This has been raising fears among the privacy-conscious. And if that’s not enough, Zoom is also facing issues that aren’t strictly its fault.
Zoom App and Malware
Zoom’s installer has been a favorite target of hackers who are modifying it with malware and then releasing it back out into the wild.
And because so many people are quickly downloading and signing up for Zoom using existing email and password combos involved in previous data breaches, it hasn’t been tough for attackers to steal accounts.
Over half a million credentials were up for sale on the dark web at the time I wrote this article.
So what can you do if you’re using Zoom and you can’t convince your friends or organization to move to a different platform?
Are Developers at Zoom Sleeping?
Of course, with so much public scrutiny, Zoom is attempting to fix some of these issues, and they won’t be rolling out any new features for the next couple of months so that their developers can focus on security and privacy patches.
But given their mentality around this stuff, and that it took this kind of outburst from the public to get them to focus on those things, it raises the question: should you be trusting them with your messages, or should you instead communicate with your colleagues via other alternatives?
Some Alternatives to Zoom App
Oh boy, there are many. Microsoft Teams, Google’s video calling apps (I am just not going to name them all) and even WhatsApp (looks like there are plans in place to allow more users into video calls).
The one that I like the most? Discord.
Discord does all the things that the Zoom App does, and many more. It might be known for primarily being used by gamers, but it definitely isn’t gamers-only.
With Screen Sharing, Video Conferencing, Audio Calling features and the ability to have different discussion threads in the form of ‘Channels’ inside a single group, Discord offers the best of all worlds.
With the trend of Colleges using the Zoom App to conduct online classes, wouldn’t it be easier for everyone to just use Discord? I mean Zoom has its issues, and most of the students already know Discord. What’s to lose?
Still Want to Use Zoom? Do this!
Well, the easiest form of risk mitigation is to simply slap a password on your Zoom meetings, which will effectively stop Zoom bombing attacks.
There’s also an option to lock meetings after everyone has joined so no unauthorized participants can harm it.
If you don’t have Zoom yet and you need to download Zoom, one pro tip is to make sure that you’re only installing it from Zoom’s official website, not from some other source that could be giving you a compromised installer.