How Safe Is Zoom?

Kristina Libby
Photo credit: SOPA Images - Getty Images

From Popular Mechanics

With most of the world working from home due to the spread of COVID-19 (coronavirus), we’re finding new ways to communicate with our colleagues virtually, from chatting on Slack to hanging out on Google.

But perhaps no service has prospered more during the pandemic than Zoom, which has seen its global daily active users skyrocket 67 percent since the start of the year.

By now, you’ve probably taken part in at least one conference call, happy hour, or fitness class on the app. Zoom’s meteoric rise has no doubt helped millions of people maintain a new kind of normalcy while we all stay indoors indefinitely—but with more and more people using the videoconferencing tool every day, that means the privacy risks of using the platform have risen accordingly.

Stories of “Zoomboming” and Zoom hacks are on the rise. Teachers are experiencing disruptive (although not criminal) behavior where users broadcast pornographic, racist, or otherwise vitriolic content, leading the Federal Bureau of Investigation's Boston office to issue warnings about the video conferencing software. And people, companies, and outlets have shared stories of unwanted intruders in, primarily, public Zoom meetings.

Enough users have complained that Zoom has since updated its blog with tips and tricks to protect yourself.

It’s natural to have some questions about using Zoom. So here’s everything you need to know.

Photo credit: Zoom

Can I still use Zoom?

Yes—as long as you exercise some caution. If you’re hosting a Zoom meeting, you’ll need to watch out for a few things:

🤳🏻A public meeting link is public, so don’t share it with anyone you don’t trust.

🤳🏻Same goes for your personal meeting ID. This is essentially a personal phone number that people can “drop in” on at any time. Set up a password for participants to verify their entry before entering.

When you’re in the meeting, you’ll want to:

🤳🏻Manage screen sharing by ensuring you’re the only person in control of the meeting. To do this, click on “Who Can Share?” and confirm that “Host” is the only button clicked.

🤳🏻Manage participants by ensuring only signed-in participants can join the call. This way you know who people are if they’re behaving badly.

🤳🏻Set two factor authentication, remove unwanted or disruptive participants, disable video for participants, and disable private chat.

🤳🏻Say something if you see something. You can report unwanted activity, harassment, and cyberattacks to Zoom directly.

“The weakest link has always been the human user of a product, from letting the trojan horse into Troy to Phishing and Pharming attacks,” says Amir Orad, a cybersecurity expert and CEO of Sisense. “Zoom can definitely help with better default configurations of its software, but if you run a virtual event, you should also master the use of the product.”

Photo credit: Rawpixel

How much is my privacy at risk?

Just like any web-based platform, Zoom collects information on its users, but it also allows others to collect information on you. This can set up situations that may put you and your privacy at risk.

Like Facebook, Zoom’s privacy policy includes the right to collect data, store it, and share it with third parties such as advertisers. This doesn’t just include your name, location, and usage information, but also “the content contained in cloud recordings and instant messages, files, [and] whiteboards … shared while using the service.”

Zoom’s privacy policy also includes video content and transcripts. That’s a lot of data, and if it isn’t secure, it could be a treasure trove of information for hackers. Unfortunately, Zoom had a major software vulnerability over the summer that left millions of users’ videos unsecure.

Zoom has since fixed the video vulnerability. Interestingly, the tool that exposed the flaw allows anyone to manipulate and validate meeting ID codes, which means if someone has a tool like this, they could drop in on any valid meeting at any point in time. One security researcher called it “Zoom roulette.” This has also been patched, but like all found vulnerabilities, if someone wants something bad enough, they can and will find their way in.

It's even possible for bad actors to use software to guess your meeting ID number. Trent Lo, a security engineer with CenturyLink, and members of SecKC, a cybersecurity enthusiasts meet-up group in Kansas City, Missouri, have developed a software program called zWarDial that can predict Zoom meeting IDs, which are between nine and 11 digits.

The program can identify meeting IDs correctly about 14 percent of the time, leading it to find up to 100 meetings per hour. Once it finds an active meeting, the program can determine the meeting link, date and time, who the meeting organizer is, and the meeting topic. As a result, use extra caution in meetings by setting up a password for your Zoom call.

For an additional security step, use Zoom in a web browser rather than launching the application, recommends Electronic Frontier Foundation Director Eva Galperin. “This cuts down on the amount of data that is sent to the company about your calls,” she says.

Photo credit: AnaBGD

What is my company tracking through Zoom?

The host of any Zoom call may have more powers than you think—especially if that person has a corporate account. To protect yourself:

🤳🏻Ask if the host is recording the call, and then double check this yourself. If you see a small red dot, yes, the call is being recorded.

🤳🏻Ask why your host is recording, and where that information is being stored. Recorded content should be stored on a secure server to protect from unwanted and unauthorized use of video content.

🤳🏻Know that hosts can use the built-in “Attention Tracking” tool, which will allow them to know if you’ve clicked off Zoom and into another browser window for more than 30 seconds. This isn’t evident to non-hosts.

🤳🏻Consider your personal room privacy and security as well. You can use a virtual background to avoid sharing unnecessary information about your personal space, such as books, posters, windows, or any other details that give off information about your preferences, habits, or the location of your home.

🤳🏻Turn off your microphone and camera when you aren’t speaking to avoid unwanted tracking of your responses or actions.

Update April 3, 2020: This story has been updated to include recent FBI warnings about Zoom, as well as new research using the software tool zWarDial.

You Might Also Like