Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Commentary – Maybe we shouldn’t use Zoom after all

FBI warns Zoom, teleconference meetings vulnerable to hijacking: “…The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the FBI cautioned. “As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts… to prevent against unwanted participants joining Zoom or other video teleconferencing meetings, the FBI advises users to not make Zoom meetings or classrooms public. Instead, users should require a meeting password, or use the Zoom waiting room to control who has access to particular meetings. The bureau also recommends not sharing links on public social media posts, and instead providing links directly to intended participants…”

TechCrunch: “Now that we’re all stuck at home thanks to the coronavirus pandemic, video calls have gone from a novelty to a necessity. Zoom, the popular videoconferencing service, seems to be doing better than most and has quickly become one of, if not the most, popular option going. But should it be? Zoom’s recent popularity has also shone a spotlight on the company’s security protections and privacy promises. Just today, The Intercept reported that Zoom video calls are not end-to-end encrypted, despite the company’s claims that they are. And Motherboard reports that Zoom is leaking the email addresses of “at least a few thousand” people because personal addresses are treated as if they belong to the same company. It’s the latest examples of the company having to spend the last year mopping up after a barrage of headlines examining the company’s practices and misleading marketing. To wit:

  • Apple was forced to step in to secure millions of Macs after a security researcher found Zoom failed to disclose that it installed a secret web server on users’ Macs, which Zoom failed to remove when the client was uninstalled. The researcher, Jonathan Leitschuh, said the web server meant any malicious website could activate Mac webcam with Zoom installed without the user’s permission. The researcher declined a bug bounty payout because Zoom wanted Leitschuh to sign a non-disclosure agreement, which would have prevented him from disclosing details of the bug….”
