How Secure Is Zoom

How Secure Is Zoom?

With the rise of a new recession tied to the recent global pandemic, many workers are now using video conferencing apps while they work from home. One such app, Zoom, has become very popular due to this strong trend. But how secure is Zoom and should you be worried about your privacy being compromised?

What is Zoom?

Zoom is a web conferencing and online audio company used around the world for video conference meetings. Zoom was founded in the United States in 2011 by Eric S. Yuan, a Chinese-American immigrant, and is currently listed as a publicly-traded company. Zoom’s popularity has grown tremendously in popularity since the start of 2020.

Is Zoom Encrypted?

Zoom does not use the same end-to-end encryption that other messaging apps use. They do not use a public/private key combination where the user’s calls are viewable with the receivers public key, but can only be unlocked using their private key.

Zoom is encrypted with TLS 1.2 and the 256-bit desktop algorithm Advanced Encryption Standard (AES). This applies to both webinars and in-meeting presentations. Audio is also encrypted before it enters the phone network when the users dial-in by phone to join Zoom meetings.

Zoom’s Global Servers

AES-256 ECB places the encrypted key for calls on Zoom’s global servers. With this, Zoom or a hacker can fully access video and audio streams. Zoom claims the servers are encrypted so no employees of Zoom or anyone else for that matter can access the user’s call data.

The problem is the location of the servers, and some have been found to be in China. This places the servers within reach of the Chinese government, which could possibly eavesdrop on user calls.

Zoom has begun to address this and now allows users to avoid using their Chinese servers, but for a fee.

Does Zoom Have End-to-end Encryption?

Zoom has lacked end-to-end encryption in the recent past. Fortunately, they have made efforts to improve data security between Zoom users without exposing their information to the Zoom servers. Extra services Zoom offers, such as cloud recording for meetings, make them less secure. It is up to the users to decide which level of security they are willing to compromise to use Zoom’s services.

Security Depends On The Devices

If a SIP or H.323 device is used for a Zoom meeting, then encryption may be required. Encryption needs to be enabled on all devices that use the Zoom meeting and also for each account, group, or user.

Fake Zoom Apps

Using a fake Zoom app could lead to a malware infection on your device or PC. Many of these use the word “zoom” as a part of their filename to trick users into downloading them. As more workers move online, zoom malware files have multiplied.

Instead, try using Web Zoom instead. This can serve as an alternative for running your online meetings.

Modern browsers have security mechanisms that create a “sandbox” which helps protect your Zoom meetings.

Zoom Has Been Hacked Before

In 2020, it was discovered that around 500,000 Zoom accounts were hacked and the credentials were placed for sale on the dark web. Since they were taken, they can be used by cybercriminals in brute force attacks to break into user accounts. This data cannot be retrieved but can only be reset by users.

Zoom And Password Exposure

Like other websites or services, Zoom is vulnerable to user password exposure to hackers. The only way to protect yourself when using Zoom is to set up a very strong password. Consider using a password manager that can generate them for you.

This is very important as hackers will not go away anytime soon and your passwords and login details can be released into the dark web where they can be bought, sold, and traded.

Zoom Bombing

Zoom meetings have 9-digit IDs that allow users to use the chat function. If this leaks to an outsider, they can sneak into your chats and cause problems.

Hijacking meetings this way is called “zoom bombing” and can cause some serious disruptions for meeting users. This includes shouting of obscenities, showing pornographic images, and doing other deviant behaviors. This was in fact easy for many hackers to accomplish, so it is in no way impossible for a zoom meeting to be bombed.

If you have an older version of the zoom application, this is more likely to happen due to a security weakness, so make sure to get the latest version.

No meeting is safe from zoom bombing, regardless of the group running it. In fact, the FBI has warned school districts about this and many have subsequently banned using Zoom for online learning.

It is important for meetings and calls to be set to private or password-protected or they can be accessed using the meeting code, if they can get it.

Zoom And Facebook

In 2020, Zoom faced a lawsuit over illegally giving Facebook data of its users personal data letting them know. If Facebook was ever compromised, hackers could access webcams or install malware.

Data collected by Facebook included the time zone of the users, their device model, and the unique identifier that allows advertisers to target them with ads. All of this was shared by Zoom without the user’s knowledge and was not included in the privacy policy. Zoom users did not have a chance to decide on the authorization. It also did not matter if the Zoom user even had a Facebook account or not.

What is Zoom Doing About This?

Zoom made changes to its iPhone and iPad apps to stop Facebook data sharing. It has also fixed a problem that may have allowed websites to turn on Mac users’ cameras without their permission.

Zoom claims that enterprise customers are least affected by security threats, and only older reused credentials from other online sources are dangerous. They also are actively searching and shutting down sites and sources of dangerous malware and credential theft.

How to Protect Your Zoom Meetings

Fortunately, there are some simple ways to protect your Zoom meetings. These include:

#1. Lock The Zoom Meeting

One way to protect your meeting is to lock the meeting, meaning no outsider can join the meeting regardless if they have a link to it. Use the Zoom waiting room feature or password lock the meeting. Also, do not share your zoom meeting link with anyone on social media.

#2. Restrict User Behavior

By restricting the behavior of zoom meeting participants you can prevent bad behavior or unwanted guests. Ways to do this include restricting screen sharing.

#3. Do Not Share The Log File Of The Meetings

Be aware that the host can record the complete audio and video of the meeting and full records of public chats. Do not share your chat log file with anyone on social media. Choose to opt out of the meeting if the host enables sharing of the chat log with others in the meeting. This will keep you private from others in your meeting group.

#4. Only Use The Official Zoom Website

When attempting to use Zoom its very important to use the actual Zoom website. Using another site that appears or claims to be Zoom can put you at potential risk of downloading malware to your computer. Having antivirus software installed and running on your system will help you

If you do accidentally install a fake Zoom application, then uninstall it immediately and do a full system scan with your antivirus.

#5. Use Another Device

One simple way to protect your privacy while using Zoom is to use another device that does not have any important personal data on it. This could be an older phone or tablet that you have set aside, so if it is compromised, no important information is stolen.

#6. Re-set The Zoom Security Settings

Make sure to do the following:

  • Stay private
  • Restrict users to only those authenticated
  • Lock down your conference calls

Many of these are turned off by default for Zoom users so they must go into the program to turn them on.

#7. Use Strong Passwords

Using strong passwords is the way to prevent an attack. Using a good password manager app is a great way to do this. They can even help you create new strong passwords to replace old weaker ones.

Other Zoom Type Apps

If you want to try another Zoom-like app there are a few good ones out there. These include:

  • Google Hangouts
  • Skype
  • Cisco’s Webex
  • Go To Meeting Free
  • Microsoft Teams

Recommendations For Using Zoom

  • Use Antivirus on your PC
  • Have a Firewall installed
  • Be careful of who you invite to meetings
  • Use a VPN to access Zoom
  • Setup end-to-end default encryption
  • Lock meetings and password protect them
  • Hold users in the waiting room before admission
  • Monitor the participants list to avoid unknown users
  • Avoid only dial-in participants
  • Avoid file and screensharing that could spread malware

To Recap…

Since the start of the pandemic, Zoom has become very popular for online meetings and chats. However, it is important for all users to be aware of potential security risks and take precautions.

For more information on antivirus programs, see our Mega Antivirus Software Review.