Due to the COVID-19 pandemic, Zoom has seen an increase in popularity among educators, businesses, and government entities across the country. With recent news of major vulnerabilities in Zoom’s software, many of these users are unknowingly (and sometimes knowingly) putting themselves in a position of cybersecurity risk.
“Well that doesn’t affect me, I’m just using it to hang out with my friends”
“This is being used for educational purposes, not secret meetings.”
Wrong.
Here’s a quick rundown of those issues:
ZOOM Bombing: An uninvited user enters a meeting to share offensive or inappropriate content to unsuspecting users.
Zero-Day: Root System Access(Mac OSX) - A code injection into the Zoom installer could allow an attacker to gain full root-level access to the system. Check Point Software notes that within the week of Zoom’s rise in popularity, around 400+ domains were registered that included the word “Zoom.” This could cause less tech-savvy users to unknowingly download a hacked version of an installer from one of these fraudulent websites, allowing hackers to gain access to their computers.
Zero-Day: Camera/Microphone Access(Mac OSX): Attackers exploit Zoom’s software to allow remote control of the user’s camera and microphone.
Data Leaks to Facebook: Zoom has been accused of sharing data with Facebook without user consent.
While Zoom has released patches and disabled features to help address its growing list of security and privacy issues, we can’t help but develop more questions regarding its general security practices and methodology.
If you’re able to call the shots yourself, we strongly recommend you consider a different platform (here’s some help if you have trouble deciding). But if you can’t — because your employer or meeting host is adamant about using Zoom — here are some ways to make for a more secure experience.
Verify that you are using the most updated version of Zoom’s software to make sure you have the latest patches and security fixes.
Use Random meeting ID’s - Do not use the same ID for every meeting, this makes it easier for Zoombomber’s to guess your meeting ID and bomb your meeting.
Use the Zoom Web Client option (Note: this requires you to cancel the download of the software when prompted, then click the “join from your browser” link below)
Enable Waiting Room Feature requiring attendee entrance to be approved.
Disable Join Before Host Feature
Only allow Zoom Host to screen-share
Lock Meetings Once everyone has joined
Do not use publicly available meetings/classrooms
Do not share meeting links publicly