EXPLAINER-Zoom bombs make choosing video apps harder for lockdown chats


The coronavirus crisis has led millions of people who were locked up at home to turn to video conferencing apps, questioning security and privacy, and a new verb – Zoombombing – the practice of uninvited users crashing into conversations.

From easily accessible models for school kids and casual users like House Party, Google Hangouts or Zoom to Cisco & # 39; s business-focused Webex, Microsoft & # 39; s Teams or San Jose-based BlueJeans, the value and profile of these apps has skyrocketed # But which one would you choose and what are the risks?

WHAT CAN BE WRONG? There have been two major social media-inspired fears since lockdowns and social distance became widespread.

In late March, people started removing Houseparty after posts on discussion forums and social media claimed that other apps on phones were hacked after downloading the social chat platform. The company denied the claims and offered a $ 1 million reward as evidence of what it believed was a smear campaign.

Zoom, which has risen to 200 million daily users from 10 million in less than three months, has had multiple reports of “zoom bombing,” strangers intruding on private conversations that have access to an invitation or meeting number. Many of the problems are the fact that Zoom has not only become more popular; With the world locked, Zoom has transformed from a business-oriented conference call tool to a global video hangout.

“Now Zoom is used in situations where you invite strangers to video chat,” said Alex Stamos, former head of security at Facebook Inc, who now works at Zoom as an external consultant. & # 39; That’s a big change. & # 39; This has become a bigger problem as security researchers discovered bugs in codes, sharing user data with Facebook, lack of end-to-end encryption and routing of any traffic through China.

Stamos said the changes prompted the company to rethink privacy and security. ARE THE THREATS REAL?

Security researchers distinguish between apps that focus on social interaction and ordinary consumers and apps that need to keep communication private for a large company or a bank. They say that most & # 39; zoombombing & # 39; incidents could have been avoided if hosts had taken simple steps such as requiring a password to join the chat and holding invitations to closer groups.

Zoom has since updated https://blog.zoom.us/wordpress/2020/04/08/zoom-product-updates-new-security-toolbar-icon-for-hosts-meeting-id-hid its software and given hosts the ability to lock meetings, limit what participants can do, and remove participants. It advises hosts to approve each participant before participating in a particular chat and has https://blog.zoom.us/wordpress/2020/03/27/zoom-use-of-facebook-sdk-in-ios- Facebook’s client removed access to data. “The flaws are serious, don’t be mistaken, but they are in no way unique or special,” said Daniel Cuthbert, head of cybersecurity research at Grupo Banco Santander. “But Zoom acted quickly and solved the problems, which is not the norm in my experience and should be welcomed.”

However, for corporate customers, the issue of encryption and who keeps track of data or can listen to your calls is more important, whether it’s protecting valuable business information or meeting customer privacy obligations. Zoom has secured industry top marks to work on security and has already taken steps to enable users to exclude data passing through China, but has also had to admit that it has tricked customers into saying that the conversations are encrypted from start to finish.

Researchers say this may have been at the core of some of the bans on the app that companies and governments have implemented over the past month. “While the average user who talks about their daily activities with their family about Zoom is probably fine, I would recommend sticking with the platforms created by more mature companies,” said Patrick Wardle, a security researcher at software company Jamf, who found two unspecified shortcomings in the platform.

A Zoom spokesperson, who has repaired these and other previously undiscovered flaws, said large companies and government agencies worldwide have conducted comprehensive security assessments of their platform and many continue to use Zoom. HOW DO THE APPS MEASURE FOR ENCRYPTION?

Some companies offer https://help.webex.com/en-us/WBX44739/What-Does-End-to-End-Encryption-Do end-to-end encryption as an option, but when enabled it has several features like Saving session data, call records, call recording and landline calls are not supported. Cisco says it had 324 million visitors in March https://in.reuters.com/article/uk-cisco-systems-webex/ciscos-webex-draws-record-324-million-users-in-march- idINKBN21L2TJ, said the Webex sessions were encrypted.

“We are not going to copy or transcribe your data what you say, and we are not going to sell your data to advertising agencies. This is an appropriate tool for secure communication,” said Jonathan Davidson, senior vice president of Cisco. Microsoft Teams, with 44 million users https://www.reuters.com/article/us-microsoft-tech/remote-work-during-coronavirus-outbreak-puts-millions-more-on-microsoft-teams-idUSKBN21629D, and BlueJeans, which has 15,000 corporate customers https://in.reuters.com/article/bluejeans-ma-verizon/verizon-snaps-up-zoom-rival-bluejeans-for-less-than-500-million-idINKCN21Y1ZB, also offer encryption options on their platforms.

Symphony Communication, a messaging service backed by major banks, is planning an early summer launch of a video conference platform with end-to-end encryption, said David Gurle CEO.

(This story has not been edited by staff and is automatically generated from a syndicated feed.)


Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top