As the coronavirus crisis affects the world, there has been a sharp rise in working from home and, as a result, the use of video conferencing platforms such as Zoom. But Zoom has also come under fire for numerous privacy and security issues.

As reported by Help Net Security, some of these issues include:

  • A non-transparent and sketchy privacy policy
  • The attendee attention tracker feature
  • The incorrect claim that Zoom meetings/webinars were capable of using end-to-end encryption
  • The iOS client sending user device information to Facebook (because of the Facebook SDK used)
  • UNC link issue that could result in attackers stealing users’ passwords and run malware
  • Two vulnerabilities that could be used by attackers with local access take over a Zoom user’s Mac, as well as tapping into the device’s webcam and microphone. Exploitation of one of these is possible because Zoom uses a shady installation technique also used by some macOS malware. (In a similar vein, last year Zoom stopped installing a hidden web server on Macs that helped with frictionless installation of the tool)
  • A feature that provided info on Zoom meeting participants (pulled from LinkedIn)
  • Zoombombing (i.e., trolls crashing and disrupting Zoom meetings), additionally exacerbated by lax privacy and security choices made by users and vulnerabilities that allow for the creation of tools like zWarDial, which automates Zoom meeting discovery (The tool hasn’t been publicly released.)

All of these issues raise the question of how safe it is to use Zoom. However, it is important to note that since coming under increased scrutiny in the last few weeks, Zoom has been working to address many of these issues, as Help Net Security has reported:

Since then most of these problems have been addressed: the attendee attention tracker feature and the LinkedIn data sharing feature have been permanently removed, most of the vulnerabilities have been fixed, the Facebook SDK info sending code has been removed, the privacy policy updated be more clear around what data the company collects and how it is used.

 

Most importantly, Zoom Video Communications’s CEO Eric Yuan publicly pledged that, for the next 90 days the company will temporarily stop working on new features and shift all their engineering resources to focus on trust, safety, and privacy issues.

 

He apologized for the company failing short of the community’s privacy and security expectations, said that many of the issues were due to the fact that Zoom was built primarily for enterprise customers (large institutions with full IT support).

You can read the full article from Help Net Security here.

It’s a positive step to see a company working towards better security and privacy measures, but although Yuan has argued they “did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home”, the problems should nonetheless have been addressed before.

The chief question here is whether it’s safe to use Zoom. You should always be careful about using any platform on which you can share data, and on the whole, there are more secure services available.

Are you concerned about data privacy issues during the coronavirus crisis? Contact us today to get our expert, professional advice.