The coronavirus pandemic made Zoom, a videoconferencing application, one of the most popular apps used by millions of people around the world – especially many of us new users trapped in our homes who find this app is a blessing. It seems there are many people from all walks of life using the conferencing apps to stay in touch during the coronavirus lockdowns.
Zoom Video Communications was founded in 2011 by Eric Yuan, a lead engineer from Cisco Systems. After almost two years of development the service started in January 2013 and within four months it had one million participants and by January 2017, Zoom had officially reached a billion dollar valuation. Now the company is valued around $33 billion.
However, Zoom is now facing some significant controversies due to a number of security vulnerabilities found in its software, as well as allegations during the recent coronavirus pandemic of poor privacy and security practices. On March 30th, Zoom found itself the recipient of not just a letter from New York Attorney General Letitia James but also a class action lawsuit, both over privacy issues. And to make matters worse, TechCrunch is reporting that Zoom is now being sued by its shareholder. There are reports that some Zoom executives have dumped millions in company stock after security issues tanked its stock price.
But out of the frying pan and into the fire, John Walcott, from Time Magazine, reports rapid growth of video conference calls has provided a virtual, “playground for Zoombombers, phishermen, cybercriminals, and also for spies.” Time claims foreign spies, from Russia, Iran, and North Korea, are targeting Americans on Zoom and other video chat platforms and they also raise concerns about Zoom using servers in China.
Zoom’s security woes have led to a number of companies, organizations, and schools banning or restricting its use, with some recommending alternatives such as Microsoft Teams.
According to BuzzFeed, “Google has banned the popular videoconferencing software Zoom from its employees’ devices…” In an email notice to all employees, Google cites “security vulnerabilities” as reasoning behind their decision. They acknowledge that Zoom has certainly had a number of issues in the security and privacy department. These include a bug which allowed attackers to steal other users’ Windows login credentials, sending data to Facebook without a good reason, and vulnerability of its software leading to Zoombombing – a process whereby people crashing into other people’s chats uninvited.
However, if you must use the application, here are some recommendations to help in securing an issue-free meeting, and more importantly, prevent Zoombombing and other security issues. We highly recommend you change these five secure video settings ASAP:
- Do NOT use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting.
- Enable the “Waiting Room” feature so that you can see who is attempting to join the meeting before allowing them access.
- Disable options. (Most important):
- Disable the ability for others to Join Before Host.
- Disable screen-sharing for non-hosts, and also the remote control function.
- Disable all file transferring, annotations and the auto-save feature for chats.
- Once the meeting begins and everyone is in, lock the meeting to outsiders.
- If possible, assign at least two meeting co-hosts. (The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting.)
We cannot guarantee these steps will completely stop someone who is hell-bent on hacking/disrupting a meeting; however, making it difficult and set obstacles in place will slow their process and hopefully prevent them from accomplishing their objectives. For more information and recommendations, we highly recommend you visit the Zoom’s support page. They have some retailed walk-through videos. As for the “spying” we recommend using a secure connection and limit those who have access to your network/applications.