Two years ago, the Facebook and Cambridge Analytica data collection scandal raised concerns about the privacy and security of online services. Zoom is now facing the same problem.
Researchers and security experts have recently discovered many vulnerabilities in the service. Users are being advised not to use Zoom, and many businesses prohibit staff from holding meetings on it.
It seems that Zoom emerged so quickly that it could not anticipate the problems it would face.
Zoom is considered an example of the company “time to stop floating.” Photo: TechCrunch.
Soon blossoming soon
With the outbreak of Covid-19, many countries have adopted social isolation and lockdown policies to reduce the spread of the virus.
Under these policies, people study and work from home to avoid close contact while still keeping lessons and work on track. Since then, Zoom has become a popular service thanks to advantages such as stability, ease of use and being completely free.
According to The Next Web, the number of daily active users on Zoom increased from 10 million to 200 million in March. Shortly thereafter, the service's privacy gaps and vague data policies were continuously uncovered.
On March 19, the Electronic Frontier Foundation (EFF) raised the alarm about a series of Zoom issues. According to the EFF, the meeting owner can tell which members are not paying attention if they leave the application window for more than 30 seconds. For example, if you're attending a meeting and you switch to Facebook or watch YouTube, Zoom will report it. This tracking feature was removed on April 2.
A hole in Zoom allows hackers to infiltrate classrooms and play porn. Photo: TechCrunch.
Next, if members record the meeting, the administrator can access all internal data. They can also collect the operating system information, IP address, location data and device information of each participant.
In mid-March, another serious problem appeared, called Zoombombing. While a meeting is taking place, hackers can find its link or ID, then intrude and play porn. To prevent this, TechCrunch said, the meeting owner needs to turn off screen sharing for members as well as the ability to share files, to avoid viruses being spread.
On March 27, the Zoom app on iOS was discovered silently sending user data to Facebook, including detailed information about a user’s device, time zone, city, network and advertising identifier. A third party could use this data to target advertising at a suitable audience. A few days later, Zoom released an update that removed this feature.
On April 1, Motherboard discovered that Zoom also revealed users' email addresses and photos to strangers. The problem lies in the Company Directory feature, which automatically adds a group of people to your contact list if you registered with an email address that shares the same domain name.
The Company Directory feature will automatically add other users to the directory if they have the same email domain name when registering. Photo: Motherboard.
A few days later, Bleeping Computer posted an article warning that the Zoom Desktop Client software on Windows could be exploited to steal passwords. On closer inspection, The Intercept found that Zoom calls were unencrypted, contrary to what the service claims.
In addition, software engineer Felix Seele found that the Zoom application on macOS contains code that installs the application before the user clicks Install. Patrick Wardle, a security researcher at Jamf, also discovered two zero-day vulnerabilities that allow bad guys to take control of the microphone and webcam.
Troy Hunt, an Australian security researcher, thinks that not only Zoom but many other applications will face this situation when they become famous too quickly.
“Zoom is in the spotlight when users increase. The problem this application encounters is not too new: the provision is beneficial for them on how to collect data, a series of security vulnerabilities are discovered … If a service is suddenly popular, it will be the same,” Hunt said.
Zoom is an online learning and meeting service that emerged during the Covid-19 pandemic, when residents were asked to stay home to avoid close contact. Photo: The Verge.
Ostracized after losing trust
After a series of scandals, many businesses and authorities have issued regulations on the use of Zoom.
On March 28, Elon Musk’s company SpaceX sent an email banning employees from using Zoom due to privacy and security concerns. The US space agency NASA also prohibits staff from holding meetings on Zoom, according to spokesperson Stephanie Schierholz.
A week later, the New York City government issued a document banning schools from using Zoom. Some places like Utah, Washington, and Nevada have issued similar policies, advising people to switch to platforms like Microsoft Teams.
Officials at Berkeley High School in California also said they would stop using Zoom after “a naked man with racist words” hacked into a password-protected call on Zoom.
Many businesses advise employees to switch to safer services such as Microsoft Teams and Google Meet. Photo: News Parliament.
Taiwan and Germany have also imposed similar restrictions. Taiwan’s government banned Zoom after its CEO admitted video calls were sent to servers located in China. It also asked schools and organizations to consider switching to the online meeting services of Microsoft and Google.
On April 9, Google banned the use of Zoom because of security concerns. In an email to employees, Google said that the Zoom Desktop Client application will no longer work on Google computers because it does not meet security standards.
On April 10, the Singapore Ministry of Education stopped teachers from using Zoom after a Zoombombing incident occurred in the first week that schools there switched to teaching online.
“This is a very serious incident. The Singapore Ministry of Education is investigating and will present a police report if necessary,” said Aaron Loh of the ministry’s technology department.
Not only that, a Zoom shareholder sued the company for “cheating on confidentiality terms, nor did it clearly state that the service they provided was unencrypted”.
Reuters said shareholder Michael Drieu sued Zoom because the controversy over security issues was affecting the stock price. As of March 23, Zoom’s stock price had reached $159.56, while earlier this year it was only $70. On April 7, Zoom’s stock price fell to $113 due to security issues.
Although easy to set up and use, Zoom is not a safe online learning tool. Photo: The Independent.
Should users continue using Zoom?
In a blog post published on April 1, Zoom CEO Eric Yuan apologized to users for the recent serious security issues and proposed solutions to provide a better experience.
First of all, Zoom has started a 90-day “feature freeze” to work on security and privacy issues, during which a number of detected bugs have been fixed.
The company also increased the rewards for its bug detection program, holds a security review meeting every Wednesday, and invited former Facebook security director Alex Stamos as an advisor.
“Like many fledgling companies, Zoom focuses on developing a core feature instead of ensuring privacy and security. Many other holes in Zoom can be found. However, Zoom has made quick fixes, and the number of vulnerabilities will decrease in the near future,” Yuan said.
Although it is easy to use and set up, recent scandals show that Zoom is not a safe application for users. As noted by ZDNet, bad guys have formed many groups on Reddit and Discord to plan the sabotage of meetings. Therefore, users wishing to study and meet online should find alternatives while waiting for Zoom to fix all of its security issues.