Zoom has been heralded as the solution to use for online meetings during the COVID19 lockdown, but When looking more in depth, Zoom presents multiple security risks.
Its use has been approved for use by government and business. Cabinet meetings are using this tool at least in the UK and New Zealand.
However the use of Zoom services seem to expose users to many security issues:
- New York City Department of Education had moved to stop teachers from using the software to communicate with students. This is due to privacy concerns.
- Taiwan’s government has banned the use of Zoom for government meetings and for school use. It has cited “security or privacy concerns.”
- The Zoom encryption is not happening end-to-end, only between the users and the server. This means that someone accessing the server legitimately (or not) can access to your meeting.
- If a user records any calls via Zoom, administrators can access the contents of that recorded call. This includes video, audio, transcript, and chat files. It also allows access to sharing, analytics, and cloud
- Further to the previous point, Zoom servers are not properly protected. Stolen credentials are found for sale on line.
- Bugs may compromise webcam and password security.
- The recording are relatively easy to hack.
- Information-security researchers know of several Zoom “zero-day” exploits, according to Vice.
- Zoom is linked to Chinese companies
- some of Zoom traffic was detected as having transited via Chinese servers.
- Zoom is sometimes issuing encryption keys issued on Chinese servers
- Zoom is a company listed on Nazdaq, but appears to be Chinese at heart. According to Citizenlab, “The mainline Zoom app appears to be developed by three companies in China, which all have the name 软视软件 (“Ruanshi Software”). Two of the three companies are owned by Zoom, whereas one is owned by an entity called 美国云视频软件技术有限公司 (“American Cloud Video Software Technology Co., Ltd.”)”
Zoom is exceptionally usable and a very convenient way to hold meetings. However the participants need to be aware that their privacy is likely to be compromised, and that the content of the meeting is probably accessible by other people.
CitizenLab has conducted an in-depth analysis of the service, advising not to use the services of Zoom if you need privacy and confidentiality, especially for
Governments worried about espionage
Businesses concerned about cybercrime and industrial espionage
Healthcare providers handling sensitive patient information
Activists, lawyers, and journalists working on sensitive topics
There are alternative solutions available, and you might be interest at the analysis conducted by Computerworld.