We all know how difficult things can be for businesses, especially in this unpredictable climate. Whether you are an entrepreneur looking to start your own website or a massively successful chain, no company is completely untouchable, and it can take just a few wrong turns before things come crashing down!
Never has the above been more accurate than for Zoom, the cloud platform that makes video calling for work or pleasure simple, straightforward, and excellent in quality too. At the start of the year, business was booming for Zoom, and as the COVID-19 pandemic struck and more and more people globally were forced to work from home, the platform became one of the market leaders for conference calling, enabling teams across the world to communicate more efficiently.
However, the success was short-lived, with rumors of massive security breaches making would-be customers suspicious of investing in the software, and those who already had far more reluctant to use it.
So what is the latest for Zoom's security vulnerabilities, and are they really genuine? Let's take a look.
Zoom leaks your data to Facebook, even if you don't use Facebook
What happened here was that Zoom's 'login with Facebook' feature leaked basic diagnostic information about the phones and tablets from which the app was launched. It appears the Zoom developers were after the ability to use Facebook's SSO. While they did get that, they also unwittingly got tracking and sharing back to Facebook, and Facebook was then creating a unique ID for users, which would have helped it advertise more directly. However, Zoom acted quickly, removing the problematic feature within days of being notified.
It's possible to 'eavesdrop' on Zoom video conferences and calls
The fundamental problem here is that Zoom does not enforce end-to-end (E2E) encryption in video conference calls, which leaves them exposed to outside parties being able to reveal the contents of the conversation. If E2E encryption were in place, this would not be possible. Despite Zoom claiming to have E2E encryption, theirs is a somewhat watered-down version that Zoom itself could still decrypt. Genuine E2E encryption means only those who are involved in the call would be able to reveal its contents. While not really an issue for those using Zoom for everyday conversations, this is a massive issue for businesses and individuals who do require this level of security.
However, for everyday users and businesses, this is not a massive issue provided the certificate exchanges are happening as they should. If this is the case, security levels on Zoom remain pretty much on par with any HTTPS interaction, which is actually reasonably high.
However, many still count this as a black mark against Zoom because it claimed to have E2E encryption, which wasn't entirely true. Currently, Zoom is looking into this, but it will likely take months before any update is released.
Zoom reveals your passwords to fellow users
The reports around this one suggest that Zoom allows hackers to obtain your Windows passwords via UNC links, because it changes UNC paths into clickable links which, if clicked upon, would send an easily crackable version of the password to a site specified by the hacker.
At the beginning of the month, Zoom promised a fix for the issue. However, it's important to note that the person who wants to steal the passwords needs to be in on the call to create the clickable link, so it all depends who your friends are!
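One defensive way to handle the link conversion described above, as an added example that is not Zoom's code: a chat-message renderer that makes only http(s) URLs clickable and leaves UNC paths and file: URLs as inert text. The function names, the regular expression, and the sample message and hostnames are all assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Added example, not Zoom's code: names and sample data below are constructed.
ALLOWED_SCHEMES = {"http", "https"}
# \\host\... or //host/... : the shape of a UNC path in a chat message.
UNC_RE = re.compile(r"^(?:\\\\|//)[^\\/\s]")


def classify(token):
    """Return 'web', 'remote_path' or 'text' for one space-delimited token."""
    if UNC_RE.match(token):
        return "remote_path"
    try:
        parts = urlsplit(token)
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return "text"
    scheme = parts.scheme.lower()
    if scheme == "file":  # file: URLs are treated like UNC paths (conservative)
        return "remote_path"
    if scheme in ALLOWED_SCHEMES and parts.netloc:
        return "web"
    return "text"


def render_message(message):
    """Return (html_text, flagged): only http(s) tokens become links."""
    out, flagged = [], []
    for token in message.split(" "):
        kind = classify(token)
        safe = html.escape(token, quote=True)
        if kind == "web":
            out.append(f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>')
        else:
            if kind == "remote_path":
                flagged.append(token)  # shown as inert text, reported to caller
            out.append(safe)
    return " ".join(out), flagged


if __name__ == "__main__":
    # Constructed sample message; hostnames are placeholders.
    sample = r"Notes: \\fileserver.example\share\notes.txt and https://example.com/agenda"
    rendered, flagged = render_message(sample)
    print(rendered)
    print("not linked:", flagged)
```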
It was revealed that there were two bugs able to take advantage of some software architecture decisions that Zoom made. The first was able to subvert the dodgy malware preinstaller technique and go on to launch anything the attacker desired as root; the second used Zoom's local library validation to overthrow library functions and gain access to mic and webcam permissions. Zoom did, however, release an update to address both problems, and the real lesson here might be not to run malware on your devices!
In short, it's clear that Zoom has security issues, but this is because the software is so sophisticated, and unfortunately, that makes it just part and parcel of the trade. The fact that, in the overwhelming majority of cases, Zoom has responded as fast as possible to create fixes reflects that it takes its customers' security seriously. While other bugs and issues may crop up over time, this has got to count for something.