Zoom is Awesome, Stay Secure, Avoid Interruptions and Start Streaming!?

I love Zoom, man... finally, I just click and there I am in the meeting! No long logins... no weird messages... no fuss, no muss.

Zoom is the perfect example of how the user interface (#UI) and user experience (#UX) is critical. Also how first mover Skype, Cisco, Hangouts, Teams... is not an advantage when you fall behind in delighting the user. Dev teams, don't take this personally, just put the user first, and if its old and slow... cut it, improve the key functions.

Anything that works and is praised, gets attacked. So now, the honeymoon is over. Time to get serious about using Zoom because of #zoombombing. First the good news and then the security considerations:

Good news: Zoom offers: streaming straight to Facebook and YouTube! Wow! Just click and 1,2,3 you are live streaming to the world!

How To Stream: Login in to Zoom.us Go to Settings -> In Meeting (Advanced) and you'll find:

When you are in the meeting: Click More (this is represented by "...") then you'll see Live Stream to Facebook or YouTube. Click and basically accept the defaults, name your stream and you are live! Like above.

How To Record: When you are the host, Click Record

Zoom is really easy to record! This is great for classes where I needed to record lectures. Now I know all the rest do this... or maybe they don't but the point Zoom wins on is EASY.

Is Zoom for secure conversations? No... and neither are the above, if its that secure have the conversation in a prefabricated Faraday cage and make sure to use an air-gapped laptop...

If its not that secretive, and my classes and most webinars are not, then taking the basic precautions below are good to ensure we don't have unwanted interruptions.

Here are some good ideas from the IT Security at National University of Singapore.

1.    Guard against “Zoom-bombing”

Zoom-bombing is when someone gains unauthorized access to a Zoom meeting to eavesdrop on the call or to harass the participants. To prevent this, do ensure that the “Require meeting password” setting is always enabled, and set a random 6-digit password.

2.    Download and install the latest Zoom client from official sources

Cyber criminals are riding on the sudden popularity of Zoom to create malware masquerading as Zoom installers and to build phishing sites using Zoom-related domains. Download and install the latest official Zoom client. Apple App Store or Google Play. Do not click on any suspicious links from emails or websites.

3.    Do not click on suspicious links in Zoom chats

Older versions of the Zoom Windows client have a security vulnerability in its chat feature that allow attackers to steal the Windows credentials of users who click on a malicious link. Please ensure that you are using the latest version. Even then, always be vigilant and do not click on any suspicious links.

4.    Do not share your Personal Meeting ID (PMI)

Each Zoom user is given a PMI that is associated with their accounts. If you divulge your PMI to someone, they will always be able to check if there is a meeting in progress and potentially join in if a password is not configured. Instead of sharing your PMI, create a new meeting each time and only share it with the meeting attendees.

5.    Do not discuss or share sensitive/confidential information

All data transmitted during video and audio calls between the user and the service is encrypted, however, this is the internet... Please refrain from discussing sensitive or confidential topics using Zoom... or any platform on the internet for that matter.

6.    Vulnerabilities in older versions of the Zoom Mac OS client

An attacker with physical access to your Mac can exploit security vulnerabilities in older versions of the Zoom Mac OS client to gain administrative privileges to your system, or unauthorized access to your microphone and camera to perform hidden recordings without your knowledge. Please ensure that you are using the latest version to prevent this from happening.

Thanks IT team at National University of Singapore!

Now, if we still can't go out for coffee in person, you'll have more safe fun on Zoom!

Protip: Do ask people to turn on their cameras! See some smiling faces and lighten the mood! We are all in this together!

Have a great next meeting!

Keith B. Carter