With the rise of a new recession arguable tied directly to the recent global
pandemic, many workers have moved to video conferencing apps to connect with their employers while they work from home. Zoom has become very popular due to this strong trend. But how secure is Zoom and should you be worried?

What is Zoom?

Zoom is a web conferencing and online audio company that people around the world use for video conference meetings. Zoom was founded in the United States in 2011 by Eric S. Yuan, a Chinese immigrant to the USA. Zoom has grown tremendously in popularity since the start of 2020 and is listed as a publicly traded company in the U.S.

Malware and Zoom

Using The Web Zoom Instead

You can avoid having to download the Zoom app or a fake version by simply using the Zoom web interface. This can serve as an alternative to run your online meetings. Modern browsers have security mechanisms that create a “sandbox” which helps protect your Zoom meetings. They can prevent a security threat from occurring when working with Zoom.

Fake Zoom apps

Using a fake Zoom app could lead to a malware infection on your device or PC. Many of these use the word “zoom” as a part of their file name to trick users into downloading them. As more workers move online, zoom malware files have multiplied.

Ways to Protect Yourself While Using Zoom

Use Another Device

Using another device that does not have any important personal data on it will help protect you while using Zoom. This could be an older phone or tablet that you have set aside, so if it is compromised, no important information is stolen.

Is Zoom Encrypted?

Zoom does not use the same end-to-end encryption that other messaging apps use. They do not use a public/private key combination where the user’s calls are viewable with the recievers public key, but can only be unlocked using their private key.

Instead, Zoom uses a form of encyrption called AES-256 ECB, which places the encrypted key for calls on Zoom’s global servers. With this, Zoom or a hacker can fully access video and audio streams. Zoom claims the servers are encrypted so no employees of Zoom or anyone else for that matter can access the user’s call data.

The problem is the location of the servers, and some have been found to be in China. This places the servers within reach of the Chinese government, which could possibly eavesdrop on user calls.

Zoom has begun to address this and now allows users to avoid using their Chinese servers, but for a fee.

Zoom Encryption

Zoom is encrypted with TLS 1.2 and the 256-bit desktop algorithm Advanced Encryption Standard (AES). This applies to both webinars and in-meeting presentations. Audio is also encrypted before it enters the phone network when the user’s dial-in by phone to join Zoom meetings.

If a SIP or H.323 device is used for a Zoom meeting, then encryption may be required. Encryption needs to be enabled on all devices that use the Zoom meeting and also for each account, group, or user.

Zoom has lacked end-to-end encryption in the recent past. Fortunately, they have made efforts to improve data security between Zoom users without exposing their information to the Zoom servers. Extra services Zoom offers, such as cloud recording for meetings make them less secure. It is up to the users to decide which level of security they are willing to compromise
to use these Zoom services.

Zoom And Facebook

Zoom was sharing data with Facebook which if compromised could lead to hackers accessing webcams or installing malware. Zoom had not declared this in their privacy policy, so users did not know their activity was being shared and give them a chance to decide on the authorization. This led to a serious user backlash, causing Zoom to change the code in its iOS app to prevent data sharing with Facebook.

Zoom Has Been Hacked Before

In 2020, it was discoverd that around 500000 Zoom accounts were hacked and the credentials were for sale on the dark web. Since they were taken, they can be used by cybercriminals in brute force attacks to break into user accounts. This data cannot be retrieved but can only be reset by users.

Zoom And Passwords

Like other websites or services, Zoom is vulnerable to user password exposure to hackers. The only way to protect yourself when using Zoom is to have a very strong password setup. Consider using a password manager that can generate them for you.

This is very important as hackers will not go away anytime soon and your passwords and login details can be released into the dark web where they can be bought, sold, and traded for ill gain.

How to Protect Your Zoom Meetings

Lock the Zoom Meeting

One way to protect your meeting is to lock the meeting, meaning no outsider can join the meeting regardless if they have a link to it. Use the Zoom waiting room feature or password lock the meeting. Also, do not share your zoom meeting link with anyone on social media.

Restrict User Behavior

By restricting the behavior of zoom meeting participants you can prevent bad behavior or unwanted guests. Ways to do this include restricting screen sharing.

Do not share the log file of the meetings

Be aware that the host can record the complete audio and video of the meeting and full records of public chats. Do not share your chat log file with anyone on social media. Choose to opt out of the meeting if the host enables sharing of the chat log with others in the meeting. This will keep you private from others in your meeting group.

Lock the password for the meeting

Only use the Official Zoom Website

When attempting to use Zoom its very important to use the actual Zoom website. Using another site that appears or claims to be Zoom can put you at potential risk of downloading malware to your computer. Having antivirus software installed and running on your system will help you
here.

If you do accidentaly install a fake Zoom application, then uninstall it immediately and do a full system scan with your antivirus.

Zoom Webcam hackers

Zoom Bombing

Zoom meetings has a 9-digit ID that allows users to use the chat. If this leaks or an outsider manages to get it, they can sneak into your chats and cause problems.

Hijacking meetings this way is called “zoombombing” and can cause some serious disruptions for meeting users. This includes shouting of obscenities, showing pornographic images, and doing other deviant behaviors. This was in fact easy for many hackers to accomplish, so it is in no way impossible for a zoom meeting to be bombed.

If you have an older version of the zoom application, this is more likely
to happen due to a security weakness, so make sure to get the latest version.

No meeting is safe, regardless of the group running it from zoombombing.
In fact, the FBI has warned school districts of this and many have banned using Zoom for online learning after the pandemic event of March 2020.

It is important for meetings and calls to be set to private or password-protected or they can be accessed using the meeting code, if they can get it.

Re-set the Zoom Security Settings

Make sure to do the following:

  • Stay private
  • Restrict users to only those authenticated
  • Lock down your conference calls

Many of these are turned off by default for Zoom users so they must go into the program to turn them on.

Zoom Was Sharing Data With Facebook

In 2020, Zoom faced a lawsuit over illegally giving Facebook data of its users personal data letting them know.

Data collected by Facebook included the time zone of the users, their device model, and the unique identifier that allows advertisers to target them with ads. All of this was shared by Zoom without user’s knowledge and was not included in the privacy policy. It also did not matter if the Zoom user even had a Facebook account or not.

Since then, Zoom made changes to its iPhone and iPad apps to stop this from happening. It has also fixed a problem that may have allowed websites to turn on Mac users’ cameras without their permission.

Zoom and Passwords

Using strong passwords is the way to prevent an attack. Using a good password manager app is a great way to do this. They can even help you create new strong passwords to replace old weaker ones.

Other Zoom Type Apps

If you want to try another Zoom-like app there are a few good ones out there. These include:

  • Google Hangouts
  • Skype
  • Cisco’s Webex
  • Go To Meeting Free
  • Microsoft Teams

Recommendations For Using Zoom

  • Use Antivirus on your PC
  • Have a Firewall installed
  • Be careful of who you invite to meetings
  • Use a VPN to access Zoom
  • Setup end-to-end default encryption
  • Lock meetings and password protect them
  • Hold users in the waiting room before admission
  • Monitor the participants list to avoid unknown users
  • Avoid only dial-in participants
  • Avoid file and screensharing that could spread malware

What is Zoom Doing About It?

Zoom claims that enterprise customers are least affected by security threats, and only older reused credentials from other online sources are dangerous. They also are actively searching and shutting down sites and sources of dangerous malware and credential theft.

To Recap…

Since the start of the pandemic, Zoom has become very popular for online meetings and chats. However, it is important for all users to be aware of potential security risks.

For more information on antivirus programs, see our Mega Antivirus Software Review.

Did you find this useful? If so please share and comment!