How Secure Is Zoom, Really?

By Devin Partida
 

Virtual Conference

 

Zoom has emerged as a popular way for co-workers to meet while social distancing. As its popularity has soared, however, some significant security flaws with the service have become clear. With cyberattacks on the rise, many users are questioning if Zoom’s vulnerabilities render it unsafe.

In the face of COVID-19 lockdowns, many businesses have transitioned into a work-from-home model. As a result, the adoption of teleconferencing services like Zoom has skyrocketed in the months following the outbreak. Zoom added more than 2 million users in the first two months of 2020 alone.

As people have used the platform more regularly, several safety issues have emerged. More privacy-centered Zoom news stories are making headlines. In light of this ongoing history of problems, is Zoom safe?

Zoom’s Security Issues

In late March, Motherboard revealed that Zoom’s iOS app sends data to Facebook even if users don’t have an account. The company removed this feature soon after, but that wasn’t the end of its controversy. People filed a class-action lawsuit in response to its less-than-perfect privacy policy.

As more companies started looking into the platform, additional Zoom security breaches became evident. Researchers found various flaws, ranging from data mining to leaking thousands of users’ email addresses. With these issues becoming more apparent, some businesses, including SpaceX, started banning employees from using the software.

Perhaps most famously, a practice dubbed “Zoombombing” started to trend. This involves hackers hijacking other people’s Zoom calls, often broadcasting obscene material to the users in the meeting. These attacks ranged from juvenile annoyances to racist language and sexual harassment.

More recently, security firm Cisco Talos found two more Zoom vulnerabilities, both involving malware delivery. Hackers could send viruses to users through loopholes in the service’s GIF and .zip file-sharing systems. Malware is one of the most common cybersecurity threats and can have severe consequences.



 

Want more tech news? Subscribe to ComputingEdge Newsletter Today!

 



Steps Toward Protection

Not all Zoom news is about newfound flaws within its cybersecurity systems. In response to these security breaches, the company has taken steps to improve its safety and protect users. For example, soon after the Talos investigation, Zoom released an update that patched the issues.

In early May, the company bought security firm Keybase in a bid to improve its privacy. Keybase specializes in messaging and file-sharing, making it an ideal purchase for the telecommunication platform. Zoom also hopes that through Keybase, it can implement end-to-end encryption, the lack of which has been a considerable flaw with the service.

The company initially stated it would only release end-to-end encryption to paid users. On June 17, however, it backtracked and announced that this feature would come to everyone after facing backlash about its original plan. Zoom will start implementing this feature in July, bringing a needed security update to the platform.

End-to-end encryption helps ensure that only the parties involved in communication can see or hear their messages. It encrypts, or scrambles, the data on the sender’s end, and only the receivers get the key to unscramble that data. This feature would make Zoombombing and other forms of hacking a difficult, albeit not impossible, task.

Is Zoom Safe to Use?

Instances of Zoom security breaches are abundant, especially as more users move to the platform. Throughout its history of vulnerabilities, though, the company has consistently released patches after new flaws came to light. Users looking to continue using the service can do so with a relative amount of security.

Zoom’s recent news of acquiring Keybase and implementing end-to-end encryption decreases the risk of further breaches. Its updates have also fixed its most severe shortcomings, like data leakages. As long as users ensure they update the software frequently, they can use Zoom without fear.

That said, anyone discussing sensitive information should opt for an alternative. Even with the new security updates, it’s not worth risking the exposure of personal records or trade secrets. Apart from that, Zoom is mostly safe for casual users.

Security in the Age of Remote Work

The COVID-19 pandemic has accelerated the adoption of remote work technologies like Zoom. While these services are convenient and helpful, they come with added security concerns. Employees and students using software like Zoom should take care to remain safe.

Securing video-conferencing software can be challenging, so one should expect some security shortcomings. As these issues become more prevalent, though, Zoom and similar services are taking more steps to increase cybersecurity. Zoom may not be the most secure option available today, but for most users, it’s acceptable.

Devin Partida writes about apps, software and other technologies. She is the Editor-and-Chief of ReHack.com.


Want more tech news? Subscribe to ComputingEdge Newsletter Today!