Zoom is popular and easy, but just how dangerous is it?
Published on April 2, 2020
As more and more people head online due to the Coronavirus pandemic, companies have turned to telecommunication tools like Microsoft Teams, Zoom, and Slack to continue their operations. Much like other services, Zoom has seen a surge in use. Reports have even said that it has seen up to 190 million daily users.
There have, however, been many security worries behind the service, causing the company itself to come out and respond. Here’s a recap of everything you need to know.
The Zoom risks and worries
We already covered the encryption, data collection, and privacy issues of Zoom at the end of our separate post, but recently, security researchers have found things that go beyond that. Most of these have since been patched, but they are still worth mentioning in retrospect. There's also the concerning fact that government agencies running the response to the Coronavirus epidemic here in the United States spent big money on Zoom, and are actively using it, too, according to Forbes.
Anyway, for Windows 10 users, the biggest risk of them all was a UNC path injection in Zoom's Windows 10 app. As pointed out by Bleeping Computer, with this security flaw, Zoom's Windows 10 app turns Windows networking UNC paths into clickable links. When a user clicks such a link, Windows connects to the remote site using the SMB file-sharing protocol and sends over the user's login and password hash. It wasn't the easiest thing for the average user to do, or for the receiver to recover, but it was still a glaring risk, and it has since been patched.
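To illustrate the fix class for this flaw, here is an added example (not Zoom's code and not from the original article) of a chat renderer that only turns http(s) URLs into links and leaves UNC paths as inert text. It goes slightly beyond the article by also treating file:// URLs the same way, since Windows can resolve those to an SMB share; the function names, patterns and sample hostnames are all constructed for this sketch.

```python
import html
import re

# Constructed patterns for this example: a UNC path (\\host\share\...) and
# file:// URLs, which Windows can also resolve to an SMB share.
UNC_RE = re.compile(r"\\\\[^\s\\/]+\\[^\s]+")
FILE_URL_RE = re.compile(r"file://[^\s]+", re.IGNORECASE)
WEB_URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def find_smb_triggers(message: str) -> list[str]:
    """Return substrings that would start an outbound SMB connection if opened."""
    return UNC_RE.findall(message) + FILE_URL_RE.findall(message)


def render_message(message: str) -> str:
    """Linkify only http(s) URLs; UNC paths and file:// URLs stay plain text."""
    out, pos = [], 0
    for m in WEB_URL_RE.finditer(message):
        # Escape the text between links so it cannot inject markup.
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="noopener noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


# Constructed sample chat messages (hostnames are placeholders).
SAMPLES = [
    r"Slides are at \\fileserver.example\share\deck.pptx",
    "Agenda: https://example.com/agenda?id=7",
    "See file://fileserver.example/share/notes.txt",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(find_smb_triggers(msg), "->", render_message(msg))
```

The same `find_smb_triggers` check can be run over exported chat logs to flag messages that contained a UNC path before the client was patched.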
For a few thousand users, there's another issue involving leaking people's email addresses and photos. As noted by Vice, with this problem, the company directory setting of Zoom will automatically add people to a user's list of contacts if they signed up with a personal non-standard public email address that shares the same domain. It's designed to make it easier to find a colleague, but it also pools people together as if they worked at the same company, allowing you to see their names, email addresses, photos, and more.
Other security issues relate to macOS, where a zero-day bug allows any website to open a Zoom call with the user's video camera activated. As reported on Vice, Apple patched this via a silent update to the Malware Removal Tool. Of course, there is the (now-patched) Facebook connection with Zoom, too. Without users' permission, the Facebook SDK in the Zoom iOS client was collecting non-personal device information and sending it to Facebook.
Oh, and let us not forget “Zoombombing” where random people could join in on Zoom meetings that aren’t protected. There are some suggested workarounds to prevent this as well, including using waiting rooms, passwords, and muting controls.
The Zoom response
As a response to these worries, Zoom's own founder Eric Yuan has admitted to these concerns and showed how the company would respond. Interestingly, Yuan admits that the platform was built primarily for enterprise customers with a large IT base. He also admits that there was no way of knowing that everyone in the world would end up using Zoom, and said that “we now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges.”
This alone shows why it’s best to keep away from Zoom for personal use, but still, Yuan admits that any security threats will be taken seriously and that “We are looking into each and every one of them and addressing them as expeditiously as we can.”
In the post, Yuan pointed to a company blog post to help explain how to stop Zoombombing. The company also removed Facebook SDKs from its iOS app and updated its privacy policy to say it does not sell users' data. Zoom also will put all new features on hold to better handle privacy concerns, expand its bug bounty program, and even host a weekly webinar to explain privacy and security updates to the public.
Now, what about Microsoft?
With Teams being used by 44 million people daily, and Skype recently hitting the 40 million daily active users mark, there is a need to look at Microsoft's security practices, too. After all, people are in need of virtual ways to communicate. People want a trusted platform where they can communicate, without worry. People don't want their data to be sold.
Microsoft's policies on this are clear and simple. As we've said multiple times, Microsoft does not use your data for anything other than providing you with the service that you have subscribed to. Microsoft also does not scan your email, documents, or teams for advertising or for purposes that are not service-related. Microsoft doesn't even have access to your uploaded content. Popular and easy are enticing, but we suggest that you don't forget privacy and security when making decisions on ways to make it through these difficult times.
Radu Tyrsina
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).
For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.
Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions find the answers they're looking for faster.