When Zoom Privacy Goes Boom: The Conference Threats
- 2020-04-28 14:15
As Zoom becomes more and more popular in the world that needs more video conferencing, it becomes more of a target for attacks. For each Zoom app download last year, there are dozens today. And its really impressive customization features and free calls up to 40 minutes are no salvation. On the contrary, if you’re using Zoom because of its popularity, you face the missiles it attracts.
You may think it’s not your concern. You’re not a Martian secret agent, not a CEO of a global brand, well, you’re even well-dressed when on the video, and the hole in your wallpaper is covered with a poster! But it doesn’t stop you from being attacked since you’re on Zoom. You don’t have to be something special to get in the crosshair: it’s just the place.
Zoom had to deliver official answers after New York’s Attorney General Letitia James had sent a letter to its office concerning these privacy issues. The company had to shed some light on what it had done to improve security during its increasing popularity. In the meanwhile, more vulnerabilities were found on Macs, meaning that cameras and mics of Zoom users could be accessed by hackers during conferences.
It officially resulted in the refusal of Zoom by those responsible for sensitive matters. One (but not the only) example is the New York Department of Education that decided to switch to alternative platforms for video conferences, given these issues. But is it this critical to private users keeping their conversations decent? Let’s take a closer look at vulnerabilities and threats detected, with special Zoom tips and tricks to handle these risks.
Tattle-tale: The Worst Is It’s a Feature
You don’t need an informer sitting next to you that tells the lecturer you’re not paying enough attention (sounds quite frightening if you imagine that in some North Korea). Zoom has its own tattle-tale feature that informs the meeting host that you’re distracted by something else. It is done through a built-in assistance module that detects if some meeting participants didn’t keep Zoom in the focus of their attention for 30 seconds or more. There is a tricky visual aid system.
As Zoom CEO Eric S. Yuan officially informs in the app’s blog, this feature has been deactivated on April 1 (let’s hope it wasn’t a Fools’ Day joke). But it can be reactivated at any moment, and we suppose you are probably not a thorough reader of the Zoom corporate blog. So beware: we know it’s been there.
What to do: have you got another device? If yes, use it for any secondary tasks during the conference. If not, try not to switch to other windows for long.
Cloud recording is a great feature when done properly. If not, it’s a danger as well as a perk. It’s the most convenient way to get a record of your conference, along with chat logs, without bothering with local recording. And later other users from your company will access it right on the cloud where it’s been. The trick is that the user doesn’t need to have attended the meeting to access the record.
On the one hand, it makes sense: it’s logical to share the record with those who have missed the actual conference. On the other, it enables various misuse and abuse cases. You never know who your records can be sent to. All it takes to access a record with your voice and video is a Zoom account and a link.
What to do: for ethical reasons, Zoom offers a limitation option that lets only the preapproved IP addresses access the record. That is, you can get your guarantee that no third-party person accesses the original file. Of course, there are round ways, but insisting on preapproved access is the best you can do – not so much to prevent the leaks technically, more to show your concern.
Have you read your license agreement carefully? Have you found there even a slight mentioning that Zoom can send your analytics data to a third party? So you create a separate account and keep it out of touch with Facebook. It doesn’t help, though: Zoom still passes your data to the biggest social network! And probably not only to it.
The iOS version of the Zoom app has been caught in the act of sending this data out. So Facebook could know when you launch the app, what device you use it on, what carrier you use, where you are, and so on. Of course, your advertising identifier is also shared. By the latest report, the app received an update that put an end to this generosity. In its statement, Zoom team pointed out that it was a mistaken implementation for “Login with Facebook” feature.
What to do: update the app if you haven’t yet. And pray there is no undocumented feature that sends your data to any foreign (or domestic) intelligence.
To Zoom or Not to Zoom?
There are still many reasons to use Zoom. The first being everybody’s there. The second: it’s cross-platform. The third: what other messenger lets you hold a conference for 100 people for 40 minutes for free?
But besides all these pros there are lots of cons. Hacker attacks are inevitable. But can we find a video conference service that doesn’t give our personal information away this easily? Or make this one play nice? How do we conduct a group meeting, Zoom privacy being on everyone’s mind? It’s an important step for the company to admit its failures, but are there any more behind those disclosed?
A Look from Your Zoom
Have you run into troubles with these Zoom features? Do you think they really give too much power to the hosts and their bosses? Have you ever felt a real discomfort from these situations? And do you believe it changes for the better? Leave a comment to express your thoughts and expectations.