Zoom has recently taken on a massive influx of users, but that additional attention has revealed a cavalcade of surprising security issues within the video-conferencing application. On one hand, the platform’s developers can be excused for missing the potential issues with some of their initial design choices. On the other, Zoom has problems other services resolved years ago, so perhaps it should have paid closer attention to similar apps in the market.
Zoom has been around for about seven years but the coronavirus, and the complications of working from home and practicing social distancing, have recently pushed it into the limelight. This popularity began with the app slowly winning customers over within the enterprise market prior to COVID-19. Zoom is less expensive than most other major video conferencing apps, is considered to have a more intuitive interface, is usable in most countries, and has a simple invitation system. Before this coronavirus, Zoom was already progressing with its user base, so when these companies switched to working from home full-time, it didn’t take long for the app to become synonymous with video conferencing.
Unfortunately, the reasons Zoom is thought to be a great tool are potentially overruled by the many reasons to avoid the software entirely. Zoom is making national headlines for all the wrong reasons. It has staggering privacy issues; some of which were intentional design choices while others are just oversights. One of its biggest strengths, its invite system, is being abused as it becomes the latest internet trend. And with all of these issues, the company has made a habit of being misleading about how it handles user data.
Zoombombing Changed the Narrative Around Zoom
The act of disrupting a video chat by joining uninvited is known as Zoombombing. Regardless of it being avoidable through several means on the user end – from setting up private rooms, to adjusting how invitations are sent, and more – this is Zoom’s biggest issue. If people who’ve flocked to the app for work or educational reasons can’t trust that those conversations will play out without interruption, that’s bad news for Zoom. The Zoombombing trend is becoming an even larger threat as social media personalities have recently started recording their Zoombombing pranks and posting them online, so Zoom’s biggest issue is evolving into the internet’s latest meme. Even if users can be smarter about their settings to avoid the problem, it’s reasonable to wonder how Zoom’s developers didn’t predict this would happen.
Zoom Has a Rocky Relationship with Security
The number of back-end security holes related to Zoom is shocking, and the worst part is most of them are things users wouldn’t notice unless they knew to check. In 2019, there was already a major flaw that could force people into video chats, with their microphones and cameras turned on automatically. even if they’d already deleted the client. The hits kept coming from there. Last week it was revealed that the company is dishonest about its encryption. They say it’s end-to-end, but that characterization is based on their own, inaccurate definition, meaning Zoom has the capability of listening in on video chats. Security firms recently discovered the app can turn a Windows user’s UNC path into a clickable link, making it possible to send that person’s PC login info to other places. This enables a remote user to open programs on someone else’s PC.
Zoom’s Company Directory “feature” can connect strangers into groups where they unknowingly share personal data, including their email addresses, with one another. Zoom was recently criticized for leaking user data to Facebook, even if those users don’t have a Facebook account attached to Zoom – a problem Zoom’s developers weren’t even aware of until it made headlines.
Writing this piece has been difficult because it’s easy to imagine a major, new flaw showing up once this is published. Zoom excels at its primary task, and as such, it will likely continue with its ubiquity. However, it also has a responsibility to do better by the users who depend on it right now. Expect a “Part 2” for this article.
