Zoom videoconferencing software has experienced a rapid explosion of use with the COVID-19 nationwide quarantine. While Zoom provides an incredibly useful service at affordable prices, there are Zoom security issues to be aware of before you begin using it.
What Is Zoombombing?
The term "zoombombing" refers to people attending Zoom meetings without a prior invite. This practice reached critical notice when meetings involving major companies, government officials and even young school children were "hacked" by uninvited attendees who showed pornographic and inappropriate images and messages. This has led to several lawsuits against the company, and use of it for company activities has been banned by Google, SpaceX, several school districts including the New York Department of Education, and the United States Senate has urged members and their staff to avoid the platform. The FBI sent out a warning on March 30, 2020 warning about the lack of security with Zoom software.
Zoom Security Issues and Zoom Hackers
There are several security issues that have plagued Zoom, even prior to the rise in use with COVID-19. Some major issues include:
- The Zoom iPhone app was sending user data to Facebook, although this vulnerability has since been disabled by the company.
- Zoom has had issues with Mac users' webcams being hacked into, leading to spying on your personal data.
- Zoom has also been found to route calls through China to create encryption keys, making data privacy more vulnerable.
- Hackers found ways to steal the login credentials of users on computers using Windows software.
- Despite claims that it was offering end-to-end call encryption, this has not been exactly the case. The company has issued a clarification on what their actual encryption policies are.
Is Zoom Safe to Use?
For the most part, the answer to whether Zoom is safe to use is yes, provided you understand the privacy settings available to you. The company is also working actively to improve its security features. In an open letter on the company website, Zoom CEO Eric S. Yuan apologized for the problems and noted that Zoom is being used in a way that was not part of its original purpose which was to be enterprise software for companies with their own IT staff who could manage security issues. Use of the software went from 10 million people daily in 2019 to 200 million a day in March 2020 when the coronavirus quarantine began. The company has instituted several changes to its default settings to help with privacy while it dedicates itself to improving security for the long term.
How to Protect Yourself Using Zoom
Update Your Software
Always check regularly to make sure you have the latest update for your Zoom software. Since the company is working to make significant improvements with features and privacy, updates will be critical to keeping your meetings and data as safe as possible. The software should alert you when you open it that an update is an available, but you can also check to see if it's updated by looking at the version number on the initial login screen and checking on the Zoom website for the latest update version number.
Keep Your Meeting ID Private
Never publicly post on social media the URL for your meeting. This makes it much easier for hackers to find it and join.
Avoid Using Your Personal Meeting Room
Set up meetings in your account rather than using your Personal Meeting Room as this ID never changes. If a hacker or other malicious person finds it, this means they'll have permanent access to your ID. To set up a random meeting ID, check the "Generate Automatically" option in the meeting settings screen rather than the "Personal Meeting ID" option.
Don't Allow Others to Use the Screen Share Feature
Do not allow others in the meeting to use the screen share feature by locking it as a default setting or changing the settings to Host Only when you create your meetings. When you are in a meeting, scroll down to the user bar at the bottom and hover your mouse over the Security icon. You can uncheck the Share Screen option here.
"Lock the Door" to Your Meeting
Once your meeting has started and all your participants are online, you can lock the meeting to prevent any new people from joining. The setting to lock the meeting can be found on the user bar at the bottom of the meeting screen. Hold your mouse over the Security icon and check the Lock Meeting option.
Use Two-Factor Authentication
You can require participants to enter a password to join an event. Even better, Zoom recommends sending the meeting ID URL and the password out in separate ways to prevent hackers. For example, you can give people the meeting ID via an email and send them the password via a direct message on Facebook or Slack. As of April 2020, the password feature is now enabled by default on all meetings, but you can turn it off when you create your meeting.
Set Up the Waiting Room
The "Waiting Room" is a feature where people "wait" for the host to join the meeting and start it. During this time they will see a blank screen and will not see or hear other participants until the host begins the meeting. The host can then admit people into the meeting one-by-one, thereby keeping out unknown users. Since April 2020, Zoom has made the Waiting Room enabled by default on all meetings, but you can change it when you set up your individual meetings.
Use Privacy Settings
There are several settings to keep meeting secure that you can set individually with each meeting.
- Setting a meeting to "Mute Upon Entry" means that their microphones will be shut off when they first enter. You also have the ability during a meeting to mute one person or everyone at once, as well as unmute them singularly or as a group.
- Do not allow file transfers during meetings, which can prevent people from uploading images and gifts into the chat window.
- Annotation, or the "white board" feature, can be turned off as well.
- Shut off the private chat feature to keep people from sending unsolicited private chats to individuals in the meeting.
- You can require that participants in a meeting be logged into Zoom with an account before joining. This prevents people from randomly joining meetings who haven't created an account that can be traced.
You can also set these privacy settings as the default for all of your meetings by going to your profile and choose Settings at https://zoom.us/profile/setting. By checking or unchecking each option, this will become the template for all of your meetings, and you do have the option of changing them when setting up an individual meeting.
Know What to Do in an Emergency
If someone does manage to hack your meeting, knowing how to handle them swiftly can make a big difference in maintaining control of your meeting. You can use the Hold feature to put an attendee on temporary hold which will stop their video and audio. You can also turn off their video by disabling it and mute their microphone. To find these settings, hover over the Manage Participants icon on the lower user bar during a meeting, which will open a list of participants in a box on the right of your screen. Click on the More button to the right of the user's name to find the option menu.
Enjoy Zoom Safely With Your Friends and Co-Workers
Zoom is a fantastic tool for keeping in touch with friends and families, no matter where they are in the world. It's also an excellent and almost indispensable software option for companies that work remotely. While it does have some security issues, if you follow Zoom's guidelines for using their safety features and don't post your meeting IDs and URLs publicly, you should continue to use Zoom without fear of having your meeting and data hacked.