Zoom to fix security issues and flaws
Zoom have announced it's going to fix security issues in both its desktop and mobile apps
Ever since the nation has been told to stay indoors to help stop the spread of coronavirus (COVID-19), the use of video conferencing apps has increased and Zoom is one of many that has been a rise in the amount it's used, both for personal and business use.
Over the past few weeks, Zoom users and security experts have highlighted security issues in the Zoom app: allowing meeting hosts to track meeting attendees and seeing if they have the Zoom app open or not, sending user data to Facebook and claiming Zoom has end-to-end encryption, even though it doesn't. This means Zoom itself can access audio and video footage from meetings if it wished too.
Eric Yuan, Zoom's CEO, has posted a blog update on Zoom's website in which he apologises for not meeting "the community's - and our own - privacy and security expectations".
'Zoombombing' is a phrase that has become known thanks to the rise in the use of Zoom. This is when uninvited users join meetings they haven't been invited to and shout abuse or share pornographic images, among other things.
These uninvited users can join the meetings by simply just guessing the 9 digit ID code, or by searching for meeting IDs that have been searched on the internet and over various social networking sites.
This simplest and easiest way to stop this from happening is to password protect any meetings that you setup on Zoom. This way, only the meeting host and its intended participants can securely join the meeting.
The company have taken steps to fix security issues:
- removing code that collected data from Zoom's iOS app and shared it with Facebook
- Released fixes for Mac related issues
- Removing a LinkedIn feature that also collected data to prevent unnecessary data disclosure
- Updated and clarified its encryption processes
Zoom has also "permanently removed the attendee attention tracker feature" and issued guidance for education users about how to better protect virtual classrooms.
Zoom still has a long way to go in addressing security concerns. In this blog post, Zoom clarifies their use of encryption and how it works.
It says: "in a meeting where all of the participants are using Zoom clients, and the meeting is not being recorded, we encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients."
Zoom also states what 'Zoom clients' are. They are:
- a laptop or computer running the Zoom app/program
- a smartphone or tablet using the Zoom app
- a Zoom Room
When "all participants are using the Zoom app, no user content is available to Zoom’s servers or employees".
For more tech news and reviews, follow us on Twitter @Hart_Pro_Tweets #HartleyProductions and Like us on Facebook and Instagram @HartleyProductionsOfficial. As always, keep checking back on hartleyproductions.uk for more.
Image credit: Zoom