Zoom Security

With the Coronovirus pandemic locking almost every state, city and country in the world, professionals from every sector are working from home to achieve their business objectives.  ‘Zoom’ the video conferencing software, has been the leader in powering most businesses in this difficult time. ‘Zoom’ is based in San Jose, California and has been helping schools, entrepreneurs, businesses maintain social distancing and yet avoid business disruptions. ‘Zoom’ is enabling students and business partners to meet each other online from the comfort of their own space and complete their school work or business work by meeting each other online. Teachers are able to teach their students, friends and family members are able to meet and catch up online, employers could connect with their employees and more. The basic version of Zoom is free and it allows a maximum of 100 participants and a time limit of 40 minutes per meeting. However, the large enterprise paid version boasts about hosting 500 participants!

Zoom Security:

With so much of happiness in a software what could have probably gone wrong?  It was the pre-Corona days and things were turning slightly worse for Zoom.

July 2019:

Security researchers learnt that hackers could take over Mac webcams through when using the video conferencing software.

Zoom soon fixed the flaw and sealed it.

Late March: Zoom was accused of leaking unauthorized personal data to Facebook.

However, in a March 27^th blog post, Zoom Chief Executive, Eric Yuan stated that they had removed the code in the Zoom iOS app that was sending code to Facebook.

April 2020:

Thousands of personal videos of calls which included children and telehealth consultations were openly found online. Zoom video sessions could be recorded and stored on the local machine or on the Zoom cloud, but some of them found their way online causing much uproar.

In addition, the usage of ‘Zoom’ led to a new type of security assault – ‘Zoombombing’. ‘Zoombombing’ occurs when unauthorized miscreants enter a Zoom meeting and post lewd content.  All these security vulnerabilities were addressed and the security updates were put out which quelled many security worries.

Ban:

However, in the wake of so many security incidents, Google, NASA, German Foreign ministry, Australian Defense Force, the United States Senate have all banned the use of Zoom. In India, the Cyber Coordination Centre (CyCord) of Ministry of Home Affairs has stated that Zoom is not safe for use.  However, if you do have to use it, here are list of security updates that you can use to keep yourself and others safe online.

Security updates:

The host of a Zoom meeting is empowered with a lot of Zoom functions. As Zoom grows and matures with all of us, here are the latest security updates for hosts as of today:

• Set a new ID and password for every new meeting
  This ensures that no Zoombombers will gatecrash a private conversation. Even if they know one meeting ID and password and enter the conversation, they cannot enter subsequent ones.
• ‘Lock’ the meeting after all the participants are in
  Once all the participants of the meeting have entered, it is vital to ‘lock’ the meeting so that no stray member can enter and Zoombom the conversation
• Enable the ‘waiting room’ feature
  This ensures that the host can see the participants and approve them before they join the meeting
• If it is not necessary, do not use the ‘Record’ feature
  The ‘Record’ feature is available and can be used only if absolutely necessary for the host.
• Disable ‘Join before host’ feature
  Disabling this feature ensures that Zoombombers can again not enter the meeting room.
• Restrict screen sharing
  Enable this such that only the host can share the screen
• Know the participants in your meeting
  The host must know the participants in their meeting else, malicious elements will sneak in and post objectionable content.
• Instruct the participants to not forward the meeting link to anybody else
• If it is a large public meeting, you can set up two factor authentication to allow guests to join the meeting but only with a password
• The host can also restrict file transfer during the meeting

These are some security features which when followed will give you a more secure experience with Zoom. As the Corona virus pandemic continues, Zoom and other video conferencing applications will be here to stay and it is up to us to use them wisely!

For Information security’s leading certifications like CISSP, CISA, CCSP – do visit our page at this link.

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst

“ Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train. “