Zoom video conferencing has been the talk of the town for weeks now. Due to the ongoing lockdown globally, Zoom’s popularity quickly shot up as people used it for meetings and students for online classes. However, Zoom was soon discovered to have many security loopholes.
Zoom’s CEO Eric S. Yuan even apologised for all the security issues that the video conferencing app was packed with. Zoom also announced a 90-day feature freeze to focus on security and privacy. The company also rolled out two new features aimed at making the app more secure. However, schools in the US decided to ban the video conferencing app for their online classes.
If you’re still using Zoom, these are some security issues you should be aware of.
Zoombombing
Probably the most popular Zoom security issue is zoombombing which lets just anyone easily hack into meetings and show inappropriate content. While the meeting host can remove these users from the meetings, they often come back with new accounts. This is possible because Zoom requires meeting IDs which if out in the open becomes very vulnerable.
To fix this, Zoom actually rolled out two new features which enhances the usage of passwords for video meetings. It’s also advised that users don’t share meeting IDs in public, and keep them password protected.
End-to-end encryption
A report by The Intercept revealed that Zoom’s meetings aren’t end-to-end encrypted as the company claimed. Zoom later clarified that it’s concept of end-to-end encryption is different from other companies. In simple terms, Zoom data is decrypted at the server which makes it possible for the company to see and hear conversations. The company however assured that it doesn’t decrypt user transmissions.
Email addresses, profile photos leak
Users who share the same email domain will find their email addresses in a universal company folder which is visible to all the members. This doesn’t work for major email clients like Gmail, Yahoo, Hotmail or Outlook.
But this isn’t the case for users who use small email clients. It happened to Dutch Zoom users who could see information like email addresses, usernames and even photos of them and others in the company folder. These users reportedly used ISP-provided email addresses
0 comments:
Post a Comment