The Zoom video conferencing app is a great way to keep in touch with work, friends, and family. You can all pile into a single Zoom meeting, with each person’s camera filling an equal part of the screen.
Zoom is a revelation for many users, and the free 40-minute meeting is perfect for those that don’t want a premium subscription to the web conferencing service.
As the number of Zoom users skyrockets, can you trust Zoom with your private conversations? Moreover, how can you protect and secure your Zoom chats from interference?
Is Zoom Safe?
Let’s start with the most pressing question: Is Zoom safe to use?
The number of Zoom users rose sharply in the early months of 2020, in response to the COVID-19 pandemic. Despite Zoom’s recent popularity (adding over 2 million users in 3 months), the company has a shaky recent history regarding user privacy and security.
Now, with educators, businesses, and even governments using the service to conduct business, the Zoom’s security credentials are more important than ever.
Unfortunately, in many cases, Zoom’s security and privacy practices aren’t great. Here’s a quick list of Zoom’s security and privacy issues, to bring you up to speed:
- Zoom meetings are not end-to-end encrypted, despite Zoom claiming to use the AES 256 encryption standard. Only the initial connection to the Zoom server carries encryption. The video conversation is sent over UDP and is not secure.
- The Zoom app leaked “at least a few thousand” email addresses due to how Zoom treats personal addresses. Signing up to the service using the same domain adds the personal address to a “Company Directory,” allowing anyone with the same domain to call someone on the list. The issue affects users signing up with a non-standard email domain (so, not Gmail, Hotmail, Yahoo, and so on).
- The Zoom macOS app uses an installation technique associated with malware, abusing preinstallation scripts. If the macOS user is not a system administrator, the Zoom app creates an admin login and password prompt to gain access to the root directory, allowing Zoom to do whatever it wants on the system.
- Apple also had to stop Zoom installing a secret web server on each Mac installation, which Zoom did not remove once the user deleted the service. The security researcher that disclosed the issue, Jonathan Leitschuh, says the webserver would allow a malicious website or otherwise to activate the webcam of the Mac without user permission. Leitschuh declined a security bug bounty worth thousands of dollars because Zoom included a non-disclosure agreement as part of the payment, which would have forced Leitschuh to keep the vulnerability secret.
- Zoom was allegedly disclosing personal data to several companies, including Facebook, regarding the user’s Zoom use. The Zoom iOS app sent notifications to Facebook regarding the user profile, device, mobile carrier, and more. Zoom has since patched this issue, but not before a user filed a lawsuit in Californian federal court.
- If a user doesn’t set strong enough (or any!) password to protect their Zoom meeting, trolls take advantage of the open access and invade the conversation, posting adult or other explicit material in an attack known as “Zoombombing.”
Keep in mind that Zoom’s persistent web server was the only legitimate piece of software I’ve ever seen Apple remove from all Macs using their Malware Removal Tool. ?
— Thomas Reed (@thomasareed) March 30, 2020
That’s just six security and privacy issues Zoom users face. It isn’t the whole picture, which is worrying. Even while writing this article, three new vulnerabilities hit the internet, two of which were zero-day exploits.
Many schools and workplaces have jumped on Zoom as a handy and cost-effective method for keeping in touch and assigning work. For countless users, there is no alternative to using Zoom. At least, not at the current time.
If that sounds like you, check out our guide on how to use Zoom to host online meetings.
How to Secure Your Zoom Meeting
If you must use Zoom, you can take a few steps to better protect your privacy and the security of your fellow users.
1. Do Not Share Your Zoom Meeting Details on Social Media
At the end of March 2020, many members of the British government were self-isolating due to COVID-19. The British Prime Minister, Boris Johnson, held “the first-ever digital Cabinet” meeting using Zoom. Boris Johnson then posted a screenshot of the meeting to Twitter—complete with the Zoom meeting ID.
This morning I chaired the first ever digital Cabinet.
Our message to the public is: stay at home, protect the NHS, save lives. #StayHomeSaveLives pic.twitter.com/pgeRc3FHIp
— Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 31, 2020
Of course, hundreds of people attempted to access the Zoom meeting, which thankfully also had a password.
However, it illustrates what can happen if you post identifying information to social media. Unscrupulous people will abuse it.
2. Assign a Zoom Meeting Password
You should always assign a password for your Zoom meeting. The Zoom meeting password uses up to ten characters, including symbols. Each user must input the password before entering the Zoom meeting, stopping intruders and Zoombombing trolls.
The default Zoom password creator only uses six digits, which a competent password cracking program will reveal within minutes. Even increasing the Zoom password to ten digits will only stop an attacker for a few minutes longer. The best option is to create a unique ten-character password for each Zoom meeting you create.
Now, creating a strong and unique ten-character password is tricky, especially if you need to create multiple passwords each day. Check out the best websites where you can create a unique password. Set the correct number of characters, generate the password, then copy and paste it into the Zoom meeting password box.
Change Zoom Meeting Password Using Web App
In the Zoom web app, select your account icon in the top right corner. Head to Personal > Meetings > Schedule a New Meeting.
Scroll down and make sure Require meeting password is checked, then enter your unique ten-character password. Set any other meeting details, then select Save.
Change Zoom Meeting Password Using Android or iOS App
In the Zoom Android or iOS app, select Schedule. Create a strong, unique password under the Password section. Set any other meeting details, then select Done.
3. Use a Random Zoom Meeting ID for Each Meeting
In the same section as the Zoom meeting passwords, you can also choose to use a personal meeting ID, which remains constant or to generate a random meeting ID.
Using a single meeting ID is handy if your group meets every day. However, randomizing the meeting ID creates an extra layer of privacy and security, as the ID is never the same.
4. Turn Off Attention Tracking
Zoom allows meeting hosts to track the focus of users while connected to the same room. The host can see an indicator in the list of users that indicates whether the user has Zoom in focus during screen sharing sessions.
If you are the Zoom meeting host, you can turn this off. Zoom users can also turn this setting off in their settings, stopping the host from tracking their attention. However, if the Zoom meeting host forces the entire group to use attention tracking, a user cannot override the decision.
Furthermore, the attention tracking option is only accessible through the Zoom web app. There is no option to turn attention tracking off using the Android or iOS app.
Turn Off Zoom Attention Tracker Using Web App
In the Zoom web app, select your account icon in the top right corner. Head to Personal > Settings > Meeting > In Meeting (Advanced). Scroll down and uncheck Attention tracking, then select Save.
5. Turn Off Local Recording, Turn On Recording Consent
You can exert some control over the Zoom host or other participants recording your Zoom session. At least, you can if they attempt to use the integrated recording option. If the meeting host or any other user records the session using a third-party recording tool, you’re fresh out of luck.
That doesn’t mean you shouldn’t turn the recording option off. With it switched off, the host will not be able to record the session to a local file without your consent.
Like the attention tracking feature, you can only edit Zoom recording options using the Zoom web app.
Change Zoom Recording Settings Using Web App
In the Zoom web app, select your account icon in the top-right corner. Head to Personal > Settings > Recording. Now, switch off Local recording to stop the host or other users recording to a local file.
Underneath, switch on Recording disclaimer, then check both boxes. When you select both options, the host must request consent to record the Zoom meeting. If you’re the host, you’ll ask for consent, and if you’re a participant, the host will ask for your permission.
6. Remain Private While Using Zoom
If your workplace, school, or otherwise insist on using Zoom, practice personal privacy. In that, don’t talk about anything you don’t want to expose to Zoom or anyone else. Keep personal and confidential data to a minimum.
It is easier said than done, especially if you’re talking to excited family members or trying to broker a business deal. It will protect your privacy and security from Zoom in the long run, so it is worthwhile to attempt.
You can also share this article with your friends, family, teachers, and colleagues so that they understand why you’re reluctant to a) use Zoom, and b) expose private information while using the platform.
Try a Zoom Alternative to Protect Your Privacy
Zoom is the video calling app in vogue, but it is far from the perfect choice. The privacy and security issues you encounter with Zoom are a real shame because the video calling quality is excellent, the apps are easy to use (even for technophobes), and it is helping keep families and workplaces connected during this extremely trying time around the globe.
There are alternatives to Zoom that offer much better security and privacy out of the box. If everyone in your family uses an iOS device, FaceTime allows up to 32 participants and uses end-to-end encryption. Skype now allows up to 50 callers in a basic session, and while the connection can become a bit choppy (and Skype itself is somewhat irritating at times), it uses end-to-end encryption and other security standards that Zoom simply does not.
Want to understand more about the issues and vulnerabilities between different video conferencing apps? Or perhaps you’re trying to boost your privacy and security online? If so, check out our essential online privacy tips, covering everything from social media to emails, VPNs, online dating, and more.
Read the full article: 6 Ways to Secure Your Zoom Chat and Why You Need To
from MakeUseOf https://ift.tt/2wVSMrn
via IFTTT
No comments:
Post a Comment