Zoom is an online meeting app that allows users to collaborate and have online video conferences. In the current remote working enforced due to the global viral pandemic, it has become a very popular tool to meet and connect. However, the question remains – is Zoom a safe and secure way to connect online?
Due to Zoom’s current popularity, we see that the security holes are exposed at a faster rate than can be fixed. It is also a prime target for scammers due to its current popularity.
The British National Cyber Security Centre (NCSC) has confirmed that the app is safe to use for non-classified information. This is more than sufficient for most regular users. The inherent security issues are by no means unique to Zoom. Let’s explore how Zoom could be exploited by those with bad intentions.
Table of Contents
The calls are not encrypted
Unlike WhatsApp calls, Zoom does not encrypt call information between senders. This makes it open for someone else to intercept your data. Other conferencing software like Microsoft Teams and Skype is also open to this security issue. The best practice is to not discuss any sensitive information over these channels. It is also worth noting that even if WhatsApp calls are encrypted, Facebook still has access to your data. It only makes it impossible for anyone else to intercept it. When using free software you are always trading your privacy for convenience.
The housekeeper
The Zoom app has a program running in the background doing maintenance and housekeeping tasks. Even when uninstalling the app on some systems, this part of the app stays behind. This can be the target for outside attackers, however, the chance of that happening is low.
Phishing links in files and attachments
There is a security exploit in Zoom where hackers can obtain your Windows logins if you click on suspicious web links. This is related in the way Windows connects to external links. Treat all links and files as potentially dangerous as you would with your email inbox. Similar issues have been found in WhatsApp and Microsoft Teams.
Phishing scams
There has been a sharp increase in the number of COVID-19 related phishing scams on Zoom. These scams are usually sent by scammers trying to trick users into handing over personal information. Since Zoom is currently a popular app, it will be targetted but the phishing attacks are in no way unique to only Zoom.
Zoom party crashing
A new trend in online Zoom meeting crashes has been labelled “zoombombing”. This is when people join private online meetings without authorisation. This is usually random as Zoom meeting links have a Zoom ID at the end and scammers usually try different IDs until they find a link that works. A way to prevent is to set up a meeting password for all meetings.
Some tactics if you are leading a Zoom meeting
Perform roll call at the start of the meeting to ensure that all participants are legitimate.
When setting up a meeting, make sure it is password protected and send this password to attendees via another method using email or phone.
Ditch the app and use the web version
Most meeting apps like Zoom have a web version. If you are paranoid about security, then uninstall the app and rather use the web version in your browser. This version of Zoom has fewer features and works best in Google Chrome.
Conclusion
Zoom is a handy tool for video conferencing and the inherent threat level is low if used responsibly. Alternatives such as Microsoft Teams, Skype, WhatsApp, etc. also suffer from similar weaknesses.
Keep your apps updated to the latest version and do not share any personal information that you wouldn’t share online.
Further Reading:
Secrutiny – Remote Collaboration Tools [Zoom Special Interest] – Threat Report 2020