A Great Boom of Software and Zoom Security Breaches
As the popularity of various software for video calls has soared, millions of people started using Zoom. It provides the possibility to organize group calls, chats and meetings online. However, at the end of March, this program experienced ‘Zoom-bombing,’ intruders’ attacks where half a million Zoom accounts were hacked. Zoom users experienced unwanted meeting attendees and harassing participants. Moreover, there was a leak of users’ email addresses and photos. Additionally, the Zoom installer's deficiency lets attackers get root access to computers that have a malicious version.
Consequently, various governmental organizations and other companies have banned the use of Zoom for their workers. Among these are the German Foreign Ministry, the United States Senate, Google, Elon Musk’s SpaceX alongside NASA, New York’s Department of Education, and numerous others.
Is Zoom the Most Secure Video Conferencing Now?
As a response to attacks and the public’s reaction, Zoom introduced a 90-day strategy to deal with security concerns. What we can see on the official Zoom security website page is that they are improving software to reduce its vulnerability.
Encrypted Communication and Data Exchange
Data encryption is a technique that transforms unencrypted data, or plaintext, into an encrypted ciphertext through a special algorithmic function. Zoom has advanced its encryption techniques, and now the software uses TLS (Transport Layer Security) 1.2 with the Advanced Encryption Standard (AES) 256-bit algorithm. Users get the following protection.
- In-meeting and in-webinar presentation content is encrypted at the application layer.
- Chat sessions are encrypted with asymmetric and symmetric algorithms. As session keys are created with a device-unique hardware ID, unauthorized users won’t be able to tamper with session or eavesdrop.
- The file transfer function available through in-meeting chat protects shared files with encryption.
Besides chat and file share encryption, Zoom has enabled meeting passwords. Now, you are required to have a password to join meetings. The company also introduced a virtual waiting room where people have to wait until they are approved. This factor prevents uninvited visitors to meetings.
Limitations in Security Measures
Although Zoom has taken several significant steps to increase security, there are several restrictions for users. Firstly, it’s possible to keep recordings either on Zoom’s cloud with the Cloud Recording option or on the host’s local device. Yet, pay attention to the fact that the Cloud Recording feature is available only in paid accounts. Secondly, you are responsible for protecting the data stored locally. It’s up to you to choose free or commercially available tools if you wish to encrypt it.
Thirdly, two-factor authentication (2FA), which protects accounts with a two-step sign-in process, creates additional security. However, this authorization doesn’t apply to the Zoom mobile app, Desktop Client, or Zoom Rooms. Likewise, advanced security settings that comprise password and sign-in method restrictions are available only in Pro, Business, Education, or Enterprise accounts.
Zoom’s vulnerability has led to data leaks and unwanted people in group meetings. It’s possible to conclude that security breaches that happened to Zoom can affect any platform that has not safeguarded itself properly.
If you have a Zoom account, it’s advisable to change the password and revise security settings. You may decide whether to continue using the program or opt for other tools. Yet, to ensure that your data is intact, you should check the security policy of the software before installing and running it. Thus, you'll consciously choose the most secure video conferencing depending on your needs. Additionally, you can select data protection solutions to ensure that your private or corporate assets get enhanced protection against data theft.
While we are waiting for further Zoom security improvements and new releases, subscribe to our blog. Stay updated and secure with MBS Techservices!