Schools, companies, and even family members have turned to the virtual meeting platform, Zoom, to stay connected and attempt to keep things “business as usual” in this new normal we find ourselves in. However, since the surge of users over the last month, the platform has had incidents of hackers joining meetings and users having their privacy invaded by the platform itself. While staying connected is a need for both businesses and people in general, there are security measures we all need to take when deciding to connect.
Zoom, Pop, Kapow, Security Flaws Abound
Zoom stated on their blog this month that they hosted 200 million daily meeting participants in March alone. This increase also meant a greater vulnerability for the platform as home users don’t have the level of security that enterprise level systems do.
The first instance of a cyberattack was known as “Zoom bombing” where uninvited people would enter a meeting and project graphic images. The video calls in general were not end-to-end encrypted and were “transport encrypted,” meaning that Zoom could access the data. This was not the first instance of Zoom admins accessing user’s information, the company recently took down a tool that showed a participant’s personal LinkedIn profile.
There is an app called the LinkedIn Sales Navigator, which displays data on people in your meeting, for a fee. This app allowed whoever was running the meeting to get LinkedIn data on any participants including: location, employers, work history, and more. By entering a name and email address, the service would match the information with a profile. This available app overrode privacy settings to send LinkedIn data to meeting organizers.
Patching Up Problems
Since the LinkedIn security breach was discovered, Zoom has removed it from their platform. To combat the hackers, the company now requires passwords to enter calls and turned on “waiting rooms” on April 5th. Before, malicious actors were easily guessing meeting IDs and crashing the meeting with their own agendas. These new password regulations and the meeting rooms, where hosts must approve attendees before they can participate, are meant to restore security and trust in the video call system.
There have been some criticisms of the platform’s lack of security, with the CEO of Lifesize, another popular video platform, saying that Zoom doesn’t care about security and is only sorry they were caught without proper encryption and security measures. While the use of most video conferencing platforms has increased, a security breach can occur on any device or system that has ineffective or non-existent security.
Security Shouldn’t Be Business Casual
When working remotely, there are several tips to follow including updating your software on your computer and making sure all of your operations are up-to-date. Cyber criminals are more active than ever with the dramatic increase of device users during the day. They will attack video calls, invade cameras on a desktop or laptop computer, and will look for exploits that weren’t secured by an app’s programmers.
Both users and administrators have to prepare themselves for working remotely during the virus outbreak to ensure their devices and corporate information remain safe. If you were the victim of a data breach, intellectual property theft, or fraud, call SecureForensics at 1-800-288-1407 to see how we can help.