By | Mohamad Farhan bin Mohd Rahimi
Introduction
Zoom, a video telephony technology developed by Zoom Video Communications Incorporated, has recently seen a surge in downloads since the protracted COVID-19 pandemic led to quarantine orders being implemented worldwide.
Zoom video-conferencing is easy to manage and user friendly. It allows meetings of up to 100 participants at a time with a 40-minute limit on group meetings. The Zoom client has a simple and user-friendly design. Even the navigation menu makes it easy to manage meetings, contacts and groups. Each user only needs three easy steps to start a Zoom call or conference. Users need to have a Zoom account, a working webcam and stable Internet connectivity speed. Mobile users can download a mobile version to their smartphone to participate in calls compatible with Windows, Mac, Linux, iOS, and Android. By clicking on the Zoom invitation link, users can easily conduct online meetings.
Zoom encourages users to install desktop applications even though Zoom calls are accessible through a web portal. The reason is that using Zoom on a web portal may limit access to online calls, particularly inbound. The Zoom web portal is primarily used for changing your profile, meeting settings, or Zoom Phone settings. Users can also use the portal to schedule, view, and edit meetings.
Security Concerns
Security concerns over Zoom application have been growing since early April this year. Since the Covid-19 restrictions, Zoom’s daily active users shot up as people had to rely on this video conferencing platform for work meetings, online classes, support groups and webinars. At that time, the application lacked secure end-to-end encryption features, which led to widespread data leaks and privacy issues.
With the rise in popularity of Zoom around the world now, there is a cyber threat that threatens the video conferencing platform to the detriment of users' privacy. Zoom bombing occurs when someone gains unauthorized access to directly enter a Zoom meeting and create a disturbance. These uninvited guests share their screens to bombard real attendees with disturbing content or videos. The main purpose of the attacker is to harass meeting participants.
Based on observations, it was found that security issues were triggered due to user failure in understanding the steps for Zoom application settings for the purpose of protection from third parties. Experts felt that the security configurations should be enabled by default, in addition to applications that essentially set that ease of use as a key aspect of the product to attract users.
Mitigation Measures
If you are among millions of users who have become loyal Zoom users, you may be wondering what all this means for you. Is Zoom conferencing safe to use or not? It is best not to use this medium if it involves sensitive and high-profile data especially if you want to discuss national or corporate confidential matters or disclose personal health information to patients.
Government and healthcare sectors which have strict information security and confidentiality policies should avoid video conferencing apps such as Zoom which may potentially compromise their respective agencies.
Users must review the importance of their online meetings as well as the associated risks and consequences before deciding on the use of Zoom. For example, online classes for schools and universities, after-work meetings, or even work-from-home meetings that do not expose confidential matters may be deemed acceptable.
To maintain the security of your next meeting, here are some basic security and privacy tips which can keep your online conferences safe.
-
Strong password for Zoom meeting
Automatically, Zoom will activate the “require meeting password” option when the host creates a new Zoom meeting and sets a random 6-digit password. This setting is one of the default security features that cannot be removed to ensure that only invited participants can access your Zoom meetings. Forgoing this security feature will allow anyone to gain unauthorized access to your meetings. There are additional options to set your own stronger passwords by incorporating features in the recommended password policy. This is one of the more effective ways to increase the level of privacy of an online meeting in the corporate sector.
-
Avoid sharing Meeting IDs
Each Zoom host includes a permanent Personal Meeting ID associated with their Zoom account. If the ID falls into the wrong hands, the perpetrators can check if there is an active meeting and the potential to participate illegally. Sending a Zoom invitation email is more convenient and secure than copying and pasting a URL to someone publicly. Users are encouraged to create a new meeting as a different ID will be generated by Zoom for security purposes.
-
Zoom Waiting Room
The concept of waiting room for the Zoom application can provide a high level of security to the users. For example, if a guest comes to your home, he or she will first be greeted by the host. Next, the host will check and identify who the person is before accepting the guest.
The same goes for the Zoom application which also applies a similar concept. If this feature is enabled, the host will be able to determine who is authorized to enter the meeting before or during the meeting. Participants who join the meeting must wait in the waiting room for confirmation from the host. Both parties will receive an alert.
-
Update Zoom Client
You are strongly encouraged to install a new update if you receive a notification to update your Zoom client. As we all know, installing the latest updates can prevent threats and fix any shortcomings in the application or system. Therefore, it is important and appropriate for users to scan and install the latest updates for security purposes. As Zoom is one of the most popular communication platforms, it is vulnerable to threats of unethical attackers. It is advisable for users to install updates to get security patches for the latest vulnerabilities.
-
Disable screen sharing from participants
By default, Zoom has set the participant screen sharing settings without permission. This is to ensure that no participant attempts to distract the presenter or accidentally press the sharing button while making a presentation.
-
Activate the lock meeting function
After making sure all the above tips are implemented, you can use the lock function of the meeting after ensuring that all the invited participants have joined the meeting. This function is to ensure that no one else can enter the meeting illegally without the permission of the host.
- Beware of malware There are various malware threats due to the increase in Zoom users. This includes fraud, phishing, and other COVID-19 themed attacks. Therefore, it is recommended that users install the Zoom installer or any latest security updates from Zoom's own official website (https://zoom.us/). Avoid downloading Zoom-related applications from third-party sites which may pose a risk.
-
Use a randomly generated ID
If you use the Zoom Pro version, you can apply your own ID to make it easier for users to remember the ID you have set. Even so, an attacker might be able to guess or carry out a brute force attack to get your ID. It is better to continue using the random ID provided by Zoom. Avoid sharing your ID, especially on social media.
-
Use alternatives
Zoom is not the only video conferencing platform, but it is easily the most popular. Should a user have any concerns about Zoom, there are a number of other useful video conferencing applications too. Secure video conferencing is crucial for any business no matter the size.
Conclusion
Most of us still utilize the Zoom platform to interact virtually with friends and family. If you are using it for social purposes, then the application is quite safe. So far, Zoom has done its best to address reported security issues. Zoom has also added new security features and improved its privacy settings.
Despite the latest enhanced features on Zoom, companies are advised to remain vigilant by considering the above tips to increase security and productivity of your meetings. Let’s keep in mind that no online application or web portal is guaranteed 100% safe from cyber threats. Stay alert and stay safe!
References
- T. Charlotte, “Zoom explained: Understanding (and using) the popular video chat app”, (2020, August 12). Retrieved from https://www.computerworld.com/article/3570623/the- zoom-meeting-app-explained-understanding-and-using-the-popular-video-chat-software. html. [Accessed 7-September-2020]
- W. Paul, “Zoom security issues: Here’s everything that’s gone wrong (so far)”, (2020, July 31). Retrieved from https://www. tomsguide.com/news/zoom-security-privacy- woes. [Accessed 7-September-2020]
- O., Kate, “Zoom Security Tip: Avoid the App and Do This Instead, Here’s Why”, (2020, April 29). Retrieved from https://www.forbes. com/sites/kateoflahertyuk/2020/04/29/ zoom-security-tip-avoid-the-app-and-do- this-instead-here's-why/#7308578248d9. [Accessed 7-September-2020]
- O. Charlie, “Zoom security: Your meetings will be safe and secure if you do these 10 things”, (2020, April 22). Retrieved from https:// www.zdnet.com/article/make-sure-your- zoom-meetings-are-safe-by-doing-these-10- things/ [Accessed 7-September-2020]
- J. Matthew, “Getting Zoom Security Right – 8 Tips for Family and Friends”, (2020, May 5). Retrieved from https://www.tripwire.com/ state-of-security/security-data-protection/ getting-zoom-security-right-8-tips-family- friends/ [Accessed 7-September-2020]
- D. Nield, “How to keep your Zoom chats private and secure”, (2020, May 4). Retrieved from https://www.wired.com/story/keep- zoom-chats-private-secure/ [Accessed 7-September-2020]
- Gadgets Now Bureau, “Government has 9 tips that you must follow for safe Zoom video meetings'', (2020, April 22). Retrieved from https://www.gadgetsnow.com/slideshows/ government-has-9-tips-that-you-must-follow- for-safe-zoom-video-meetings/Disable-join- before-host-feature-in-the-settings-menu- of-Zoom-chat-app/photolist/75284794.cms [Accessed 7-September-2020]
- R. Hodge, “Using Zoom while working from home? Here are the privacy risks to watch out for”, (2020, April 2). Retrieved from https://www.cnet.com/news/using-zoom- while-working-from-home-here-are-the-privacy-risks-to-watch-out-for/[Accessed 7-September-2020]
- L. Abrams, “How to secure your Zoom meetings from Zoom-Bombing attacks'', (2020, March 31). Retrieved from https:// www.bleepingcomputer.com / news / software/how-to-secur e-your-zoom- meetings-from-zoom-bombing-attacks/ [Accessed 7-September-2020]
- W. Jane, “Coronavirus: Zoom is in everyone’s living room – how safe is it?”, (2020, March 27). Retrieved from https://www.bbc.com/ news/technology-52033217. [Accessed 7-September-2020]
- “Zoom Help Center”, Retrieved from https:// support.zoom.us/hc/en-us.[Accessed 7-September-2020]