Imagine racial slurs or offensive imagery appearing during an important business call or a nice catch up with your loved ones. What if, in addition to this, your personal data ends up on Chinese servers or is sold on the dark web? Zoom can offer all of this. Learn more about current Zoom data leaks and its major security flaws.
Zoom is an American video-conferencing and online meeting software whose popularity grew rapidly during the coronavirus pandemic when companies switched to remote work. To be precise, in the first quarter of 2020, Zoom's usage increased by 67%.
Such exponential growth has led to closer inspection of Zoom’s security. Thousands of its users reported privacy breaches and security incidents. Some have even become victims of so-called zoombombing, an attack during which an intruder appears in video calls or sends offensive imagery. In the face of all these issues, companies like Google, SpaceX, and NASA all banned their employees from using Zoom for work. Here's a short video explaining the reasons behind it:
Zoom's end-to-end encryption isn't really end-to-end. While Zoom boasted of using E2EE in its advertising campaigns, in reality, it only employs it for the data in transit, not its endpoints. Zoom generates and holds all the encryption keys, meaning that it can decrypt your data at any time.
Zoom’s key generation system isn’t transparent either. The company has been accused of generating keys in China, a country famous for its surveillance and privacy violations. If so, this means that their servers can be monitored by the Chinese government, no matter whether you are making calls in the US or Europe. Zoom admitted that it had routed calls via Chinese servers by mistake, but the company hasn't given a full explanation of why just yet.
Citizenlab researchers also found that all people on a group call share the same encryption key. The keys stay the same even when participants leave and rejoin the meeting. It makes call participants even more vulnerable as the keys can be snatched by hackers to join these meetings.
Due to its poor encryption, Zoom is also vulnerable to hacking. Thousands of users have become victims of zoombombing. How? Hackers used Zoom URLs’ numbers through which they accessed the meetings. They either guessed it or generated it themselves.
There were many reported cases of hackers compromising Zoom users' account data too. Such information, including email addresses and passwords, was found on the dark web. Zoom also had a bug, which allowed cybercriminals to steal Windows account passwords.
Employers can also use Zoom to spy on their employees and breach their privacy. Zoom's attention tracking feature notifies a host if a user clicks away from a Zoom window for more than 30s. Admins can join calls without the consent of their participants and prior notification too.
Zoom is notorious for collecting users' data such as audio recordings, messages, personal credentials, and disclosing it to third parties, like Facebook and LinkedIn.
Zoom's iOS application was automatically sending the analytics data of users' devices to Facebook, even if users didn’t have a Facebook account. The company didn’t inform them about it either. Moreover, the app sent users' email addresses and usernames to LinkedIn. There are also widespread concerns that students' and pupils' private data could’ve been leaked too, as educational institutions use Zoom for online classes.
While we strongly discourage you from using Zoom, here are a few tips to make it safer:
To learn more about cybersecurity, subscribe to our monthly blog newsletter below!