The Zoom app home screen and logo | Image: ThePrint Team
The Zoom app home screen and logo | Image: ThePrint Team
Text Size:

Washington/ San Francisco: During the coronavirus pandemic, it seems as if everyone is connecting with Zoom’s videoconferencing app — including, on occasion, unwanted visitors.

Online trolls have been sneaking into web meetings and disrupting them with profanities and pornography for at least the better part of the last month. Cybersecurity researchers fear these disruptions could be a precursor to more harmful attacks allowing hackers to commandeer connected machines to access secure files or other corporate software.

“Much of our current reality is unchartered territory, and this growing dependence on Zoom at home is just another one,” said Mark Ostrowski, regional head of engineering for Check Point Software Technologies Ltd. “As soon as a platform’s attack surface gets big enough, you can only expect that they’ll become more interesting to attackers. That’s what’s happened to Zoom.”

In a Wednesday blog post, Zoom said that it takes security concerns “extremely seriously” and is working to address them. In addition, a Zoom representative said in an email that the company is upset about reports of harassment on Zoom and has sought to educate users about protecting meetings.

Zoom also apologized, in another blog, for “the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.” While the company strives to use encryption in as many scenarios as possible, “we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”


Also read: IT ministry app to track Covid-19 cases returns today after being taken off Google Play


But there’s good news. Users don’t have to follow Elon Musk, whose SpaceX has banned the use of Zoom Video Communications Inc. amid privacy concerns.

There are a few simple steps to host secure video meetings, according to security experts. For instance, ensure your meeting is password protected, and don’t share meeting IDs and passwords on social media, where criminal hackers may grab the credentials.

Experts also recommend that meeting or classroom organizers take attendance and kick out unwanted visitors. Here are a few more tips:

  • Use the waiting-room feature to screen meeting participants before allowing them to interact in the meeting room. This can be accessed by clicking on the settings tab and then the In Meeting (Advanced) option.
  • Use conference IDs instead of links when inviting others to join. Links can be malicious and used to hack unsuspecting users.
  • Don’t repeat meeting IDs to keep unwanted participants out of meetings.
  • Apply scrutiny to links and documents, which can contain malicious code.
  • When not using computer microphones and webcams, use blockers or covers, both of which can be purchased online.

Zoom’s shares have more than doubled this year as investors bet that the teleconferencing company would be one of the rare winners from the coronavirus pandemic. The company has become wildly popular, reaching more than 200 million daily meeting participants in March, according to its blog. But it has also drawn increased scrutiny from cybersecurity and privacy experts.

The most recent incident came on Monday when Patrick Wardle, principal security researcher at Jamfpublished a blog about two new flaws in Zoom. If already infected with malware, the Mac OS desktop version could enable attackers to gain high-level privileges and hijack the webcam and microphone, he said. Zoom said it subsequently released fixes for the issues.

Zoom appears to have been designed with security as an “afterthought,” Wardle said, adding that it was a common phenomenon among startups primarily focused on users and funding.

But Zoom’s meteoric popularity has drawn additional scrutiny.

“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” Zoom said in the blog post. The influx of new users has presented the company with “challenges we did not anticipate when the platform was conceived” and that company “committed to learning from them and doing better in the future.”

On March 30, the FBI issued a warning about so-called “zoom-bombing,” urging users not to make classes or meetings public or share links to teleconferences on social media.

That same day, a Zoom user sued the company claiming its services were illegally disclosing personal information.

The company collects information when users install or open the Zoom application and shares it, without proper notice, to third parties including Facebook Inc., according to the federal lawsuit. Yet Zoom’s privacy policy doesn’t explain to users that its app contains code that discloses information to others, according to the complaint.

Zoom acknowledged that it shares data with Facebook in a blog post on March 27.

In addition, New York State Attorney General Letitia James wrote a recent letter to Zoom that included “a number of questions to ensure the company will take appropriate steps to ensure users’ privacy and security is protected,” according to a spokesperson for the attorney general’s office, who declined to share a copy of the letter.

Concerns over Zoom’s security practices aren’t new. Last year, a researcher named Jonathan Leitschuh discovered that the desktop version of Zoom for Macs quietly installed a web server — one that remained on systems even if the app was removed — that presented a new way for hackers to access webcams, he said. Apple Inc. released an update in July that plugged the security hole.

Holding Zoom’s “feet to the fire” around security and privacy amid the app’s new popularity will create incentives for the company to adapt, Leitschuh said in an interview.-Bloomberg


Also read: India’s power market is booming. But it’s bad for business


Subscribe to our channels on YouTube & Telegram

Why news media is in crisis & How you can fix it

You are reading this because you value good, intelligent and objective journalism. We thank you for your time and your trust.

You also know that the news media is facing an unprecedented crisis. It is likely that you are also hearing of the brutal layoffs and pay-cuts hitting the industry. There are many reasons why the media’s economics is broken. But a big one is that good people are not yet paying enough for good journalism.

We have a newsroom filled with talented young reporters. We also have the country’s most robust editing and fact-checking team, finest news photographers and video professionals. We are building India’s most ambitious and energetic news platform. And have just turned three.

At ThePrint, we invest in quality journalists. We pay them fairly. As you may have noticed, we do not flinch from spending whatever it takes to make sure our reporters reach where the story is.

This comes with a sizable cost. For us to continue bringing quality journalism, we need readers like you to pay for it.

If you think we deserve your support, do join us in this endeavour to strengthen fair, free, courageous and questioning journalism. Please click on the link below. Your support will define ThePrint’s future.

Support Our Journalism

Share Your Views

LEAVE A REPLY

Please enter your comment!
Please enter your name here