Zoom or Boom - What is the issue with Zoom’s Security?
Many companies have suffered from the current global lockdown, but Californian based Zoom is not one of them. Trading at $56 a share at Christmas it is now $130. Zoom has gone Boom! Their founder is currently worth a cool $5 billion. Millions of people, families, grandparents, yoga teachers, homeworkers now benefit from Zoom’s simple ability to connect isolated people. And good for them.
But cracks have started to appear in their meteoric halo. Their stock is down 20% in a week. Not because Boris Johnson used their product to broadcast to his cabinet. Not because they have risen to be Apple’s most downloaded app. (the same on Google Play). No, its questions over security. But what exactly are these issues and are they valid?
As a corporate should you endorse Zoom or highlight these issues as a reason not to use this product? If nothing else the layman will have heard about “security issues” and if that layman is a client and you suggest using this product to discuss their confidential matter, they may have a lessor view of you.
Taiwan has banned its officials from using Zoom after it was found that North American calls and associated encryption keys were routed through China. Oops. Apple quietly removed the Zoom webserver from Macs last year after it was discovered a hacker could host a zoom conference using your webcam - even if you had uninstalled the Zoom app.
“Zoom Bombing” doesn’t involve a B52 but does involve someone uninvited joining your Zoom call and shouting abuse. It’s quite easy to find a meeting number and join. Not good in the middle of that client presentation. The FBI has warned about this risk. New York public schools are now removing Zoom. The MOD and NASA have banned it, as have all schools in Malaysia. And LA and Washington. Even my kids’ school is having second thoughts.
But Zoom uses 256 bit encryption – well researchers at a Canadian university disagree; its 128 bit. China has been issuing Zoom encryption keys – even when all the callers have been in North America. Why? Scary. What about end-to-end point security – depends on your definition of ‘end to end’ Zoom say. Oh dear.
And as for use of your data. Lots of issues. After an uproar Zoom has changed its privacy policy. Basically, they could do what they wanted with your data. It was ‘leaking’ to Facebook. Even if you didn’t have a Facebook account. Few people read privacy notices and we trust big companies to do the right thing. Well Zoom are now a big company and they didn’t do the right thing. That’s a loss of trust. That’s what puts you up in Federal Court, as they were last month. As they are this month – accused of ‘concealing the truth’ in shortcomings in Zoom’s security.
And there’s more: Issues with hackers able to easily change code; Software being distributed with malware; Chats being exposed; Passwords being shared. Etc. Is Zoom about to go Boom ?
Zoom founder, Eric Yuan, has declared that his entire company’s resource is now directed to addressing the issues. He's even hired Facebook's former security chief to help out. Undoubtedly, he’ll come back with one of the most secure systems on the market. He has to. But as we all know that’s not a story and the damage has been done.
So, what should you do? If you use Zoom to engage in non-confidential conversations it’s free, easy to use and it works. Take some simple security precautions, a small risk and keep using it. 200 million people do.
If you conduct confidential meetings – or want to support an image of professionalism – don’t touch it (at least not for now). Leave it to the yoga teachers and the local church singers now conducting their practice sessions virtually. There are lots of alternatives, many free. Clients need to know that you take confidentiality seriously. They read the headlines too. Zoom’s reputation is damaged, don’t let it damage yours.
Duncan Eadie is Principal with Professional Plus Solutions, a leading technology consultancy serving the legal community for 21 years.
Director of PC Legal Tech | RAF Veteran | Expert in Legal Tech Solutions. Proven leader in delivering complex global projects. Strong communication, organizational skills, and cross-functional teamwork.
4 年Isn't this the iPhone V Blackberry conversation we had many moons ago. 1. It's likely that zoom will become one of the securest options. 2. its very simple to use and has good functionality, and more importantly, its very easy to get remote users to use. Hope all is good with you and yours my friend, would be great to catch up properly soon..
Live Stream Producer & Host ??Opportunity Generator ?? Lives to Serve & Help Others Succeed??Award-Winning Producer, Creator, Founder & Author?? Diversity Champion??LinkedIn Top Voice ?? Top Thought Leader
4 年The key is to learn and apply the available security features on Zoom BEFORE using it. Due to the crisis and need for speed, many missed this critical step before using Zoom. If there is a need for encryption or more security, better options are WebEx or Microsoft Teams. Before using any platform, its important to learn and use available privacy and security features.
Helping the teams behind the sports team perform at the highest level with team coaching & workshops | Team Away Days £3k pp | Team Performance Coach | Freelance Facilitator | Team Talk Podcast Host | Charity Trustee
4 年great article Duncan summarising the issues around Zoom security