In early April, it was disclosed that over 500,000 Zoom passwords were put up for sale on the dark web. If you have a Zoom account, change your Zoom password and consider taking the steps outlined below to mitigate some of the risk of using Zoom.
If you do choose to use Zoom for a meeting, here are some steps you can take to improve security:
- Be sure of the audience – verify that no unintended participants have joined;
- Be sure to use the latest updated version of Zoom, so that the meeting cannot be recorded without your consent;
- Require passwords for all Zoom meetings and use a password that isn’t easily guessed;
- Require users to be logged into Zoom accounts to join meetings; and
- Consider using multifactor authentication for meetings dealing with privileged information.
Although Zoom is very popular, here are some of its security and privacy shortcomings:
- Encryption – Zoom claimed to offer end-to-end protection, but does NOT actually provide it;
- Privacy – Zoom collects and shares data including meeting transcripts, which has resulted in three class action lawsuits;
- Zoombombing – As a result of Zoom's very lax security defaults, many users found themselves in meetings with uninvited guests, sometimes showing pornographic and other offensive images;
- Malware – Several instances were found where Zoom software from third-party sources was bundled with bitcoin mining software;
- Lack of protection – Earlier versions of the software allowed users to post malicious links in meetings;
- Lack of notification – Users and meetings could be recorded without their knowledge;
- Infrastructure issues – Several meetings were found to be inadvertently routed through censorship/tracking servers in China; and
- Immature software – The recently developed software has not been vetted as thoroughly as other mature conferencing products such as GoToMeeting, Microsoft Teams, Webex, etc.