Americans lucky enough to retain their jobs during coronavirus lockdowns have relied heavily on telecommuting. Outside of work families and friends have flocked to video-chatting applications to stay in touch while also keeping in line with social distancing guidelines. During this time, one app has skyrocketed in popularity for both purposes.
Zoom has shown some tremendous growth in recent weeks. In fact, investors even rallied behind the wrong company (Zoom Technologies, “ZOOM”) before realizing their mistakes.
A lightweight, business-targeted video chat app, Zoom had already been in use with many businesses internationally. But COVID-19 made it a more popular solution, before security concerns came to light. Now, many users are unsure how to move forward.
Zoom’s Privacy Issues Revealed
When software scales quickly, privacy problems are often revealed. In Zoom’s case, over a dozen issues swiftly emerged. These included:
- At least one version of Zoom has been found to be bundled with a cryptocurrency miner, which will hijack an individual’s systems to mine cryptocoin.
- Zoom uses a weak version of encryption (AES-128 rather than AES-256) which is easier to break than current industry standards.
- People are able to “bomb” a Zoom meeting simply by knowing the number of the meeting, and may try to jump into random meetings.
- Email addresses and profile photos may be leaked, and there are many Zoom accounts for sale on the internet right now.
- Zoom shares information with advertisers, so privacy may be breached as well as security. This is in their Terms of Service.
- When individuals communicate through Zoom chat one-on-one, the chat is shared with the entire group at the end of the session.
The above issues have not yet been fixed, while there are other issues that have been mitigated:
- An account hijacking issue was resolved, in which attackers could potentially access a company’s contacts.
- File sharing could potentially lead to vulnerabilities within the platform, so file sharing has been turned off in meetings.
- Malware injections and malware-like attacks have been resolved as discovered, including some zero-day attacks.
- Zoom has clarified that its end-to-end encryption is not up to the industry definition of end-to-end encryption.
But what are the real consequences of Zoom’s privacy issues? How much security do most employees need, especially work-from-home employees? And will employers need to look for other video conferencing solutions, or should they accept the flaws of this one?
The Ultimate Impact of Privacy on Work-from-Home
When privacy is discussed, it’s usually about major confidential issues. The shareholders of Apple don’t want to discuss business and marketing over Zoom. However, most companies using Zoom are not in this position — they would be far more likely to be using a Cisco solution or similar.
To be secure, work-from-home employees can still use Zoom. But they need to be aware that anything they said could be listened into. In other words, using Zoom is fine as long as you’re having a conversation that could theoretically be a public one. Zoom is as secure as having a meeting in a cafe.
Privacy concerns and security issues are likely to become more commonplace for the work-from-home worker. Employees and managers alike should be acutely security conscious during this changing period, and ensure that everyone they are communicating with is being equally careful. There are other video conferencing solutions, but many of them have similar security concerns.