The ongoing COVID-19 pandemic has truly brought the world to a halt. Most of the companies starting from small businesses to large corporate firms have switched to working from home with the aid of video conferencing applications. Zoom has stood apart amongst all the applications and is being used by many businesses, schools and universities across the globe.
Zoom is easy to set-up and use; it can support up to 100 people in a meeting and most of the Zoom features are free which make it an automatic choice. In fact, a lot of governments have conducted their cabinet meetings via Zoom.
However, recent events have brought Zoom into scrutiny and have put its commitment to security under question. The app’s popularity has invited several incidents concerning security breach and exposed many vulnerabilities in the application.
It has been found that it is relatively easier to “zoom-bomb” meetings. It allowed uninvited guests to join meetings and post objectionable content. Passwords, however, can be used to stop Zoom bombing. There are login credentials available online. Zoom has been under fire for falsely documenting that they are using end-to-end encryption, while it is proved that Zoom algorithm for encryption and decryption preserves the pattern of the input. It is a transport encryption which made it a weak algorithm for encryption.
Numerous security holes have already been reported about Zoom, and new flaws are being discovered every day. It was recently found out that Zoom recordings are available online, which were not required to be protected by passwords. Moreover, Zoom admitted that their call data was being routed through Chinese servers for users not in China, and researchers at University of Toronto found that Zoom encryption keys were issued using Chinese servers, which could be used to decrypt the data, putting the privacy of user data at stake.
These security flaws have been taken seriously by many organizations, who have decided to discontinue with the service or ban the use completely. Organizations who have banned it include Google, SpaceX, NASA, Standard Chartered. Educational Institutions have also addressed this issue; for example in New York, more than 1,800 schools have banned its use. Singapore recently lifted their previously imposed ban on zoom for education, but only with certain security implementations.
Recently, the Government of India’s Ministry of home affairs has warned the people, against the use of the application citing the vulnerability of the app which could lead to sensitive data leakage. The move comes after Germany and Taiwan have completely banned the application.
Frankie Poon works at a top financial firm in Hong Kong. He believes that if the data could be exposed to third parties, companies should not rely on those tools, be it Zoom or any other tools. He believes that corporations should provide alternatives and provide clear guidelines regarding the use of the application. He said that Zoom now have a responsibility to deliver a secure product or they will lose their customers since data security is the top priority of financial institutions.
Many companies have used the episode to bring out their own conferencing apps, claiming to be secure and trustworthy. Microsoft teams and Google Meet stand out being the leaders in the tech industry. The University of Hong Kong has already issued Microsoft teams license subscription to all the students and staff amidst Zoom security concerns. It will be interesting to watch how stable and secure applications will these tech giants deliver.
While Zoom has tried to address most of the issues, new issues coming up every day is not a healthy sign for them. They have frozen their release of new features, to focus solely on addressing security concerns, and they have been launching new security updates with some issues resolved. However, with competition building up with improved features and security, Zoom does not have a lot of time to hold on to the summit if they do not roll out immediate measures to tackle all the flaws. They need to understand that data is the new currency and no corporation would compromise on their security for the advantages Zoom is providing.