The Security Risks of Using Zoom

As the Covid-19 pandemic has sent millions home to work and meet remotely, demand for video conferencing has skyrocketed. Zoom has become one of the most popular options, offering a wide range of features, a generous free tier and reasonable pricing, and overall user friendliness. Unfortunately, hackers have taken notice of both the platform’s exploding user base as well as its more problematic security settings.

If you’re considering using Zoom to keep in touch with co-workers and colleagues or are currently using the platform, here are a few potential risks to keep in mind:

Zoombombing

Among the most common issues with Zoom to come about in the wake of its widespread adoption is what’s called Zoombombing, where uninvited attendees disrupt virtual meetings, often via posting pornographic and / or disturbing video content and pictures. While this sort of behavior doesn’t come as a surprise on the internet, much of the phenomenon of Zoombombing is due to the platform’s default settings, which can allow for public access and screensharing.

To address the issue, Zoom released a blog post providing tips on how to avoid digital gatecrashers, including disabling file sharing by default, locking meetings, and disabling video. Familiarizing yourself with a few straightforward precautions can go a long way to preventing unwanted disruption.

Phishing and Domain Spoofing

As soon as Zoom began to grow in popularity, hackers immediately began acquiring domain names similar to the company’s official web URLs to mislead their targets into clicking links, downloading malware, or providing corporate credentials.

“The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit,” said a cybersecurity researcher with Check Point, a software company that announced the discovery of 1700 newly registered domains using the Zoom name. 

Zoom users and meeting invitees should be sure to double-check the URL of any links. Zoom meetings will only have a zoom.us or zoom.com domain name, anything that looks similar but isn’t one of these domains is very likely a hacking or phishing attempt. 

Privacy Concerns

While Zoom claims to support end-to-end encryption to provide privacy and security for its users, recent reports have found these claims to be misleading at best: Zoom itself can access unencrypted video and audio from meetings. Practice extreme caution when sharing any potentially sensitive or compromising information in meetings: they may not be as private as Zoom claims.

Zoom has also come under heavy criticism for the recent discovery that it was sharing data with Facebook through its iOS app. While Zoom quickly pulled this information-sharing from the app, many users have yet to upgrade to the latest version, and it’s entirely possible if not likely that other versions are also leaking and sharing information without the express consent of its users.

Should You Use Zoom?

Zoom offers a lot of great features, and its rapid adoption in the already crowded teleconferencing market is indicative of its many qualities. That being said, using it isn’t without its risks, both from its being targeted by hackers and internet trolls as well as its own less-than-stellar record when it comes to transparency about user privacy. 

If secure videoconferencing is a key element of your business, especially in the wake of the Covid-19 pandemic, it might be a safer bet to use some of the enterprise-class and potentially pricier platforms. If your use of Zoom is casual, privacy isn’t a primary consideration and you’re willing to take a few precautions before starting a meeting, Zoom is an acceptable platform. 

Each business has a separate set of needs and requirements, and it’s strongly advised that you do a bit of research before selecting one as a primary means of communication.