Your IP: Unknown · Your Status: Unprotected Protected
Blog In Depth

Zoom vulnerability issues: Should you use it?

Apr 08, 2020 · 3 min read

Zoom vulnerability issues: Should you use it?

Imagine racial slurs or offensive imagery appearing during an important business call or a nice catch up with your loved ones. What if, in addition to this, your personal data ends up on Chinese servers or is sold on the dark web? Zoom can offer all of this. Learn more about current Zoom data leaks and its major security flaws.

What is Zoom?

Zoom is an American video-conferencing and online meeting software whose popularity grew rapidly during the coronavirus pandemic when companies switched to remote work. To be precise, in the first quarter of 2020, Zoom's usage increased by 67%.

Such exponential growth has led to closer inspection of Zoom’s security. Thousands of its users reported privacy breaches and security incidents. Some have even become victims of so-called zoombombing, an attack during which an intruder appears in video calls or sends offensive imagery. In the face of all these issues, companies like Google, SpaceX, and NASA all banned their employees from using Zoom for work. Here's a short video explaining the reasons behind it:

Zoom’s security and privacy issues

Poor encryption

Zoom's end-to-end encryption isn't really end-to-end. While Zoom boasted of using E2EE in its advertising campaigns, in reality, it only employs it for the data in transit, not its endpoints. Zoom generates and holds all the encryption keys, meaning that it can decrypt your data at any time.

Zoom’s key generation system isn’t transparent either. The company has been accused of generating keys in China, a country famous for its surveillance and privacy violations. If so, this means that their servers can be monitored by the Chinese government, no matter whether you are making calls in the US or Europe. Zoom admitted that it had routed calls via Chinese servers by mistake, but the company hasn't given a full explanation of why just yet.

Citizenlab researchers also found that all people on a group call share the same encryption key. The keys stay the same even when participants leave and rejoin the meeting. It makes call participants even more vulnerable as the keys can be snatched by hackers to join these meetings.

Hacking, hacking, and more hacking

Due to its poor encryption, Zoom is also vulnerable to hacking. Thousands of users have become victims of zoombombing. How? Hackers used Zoom URLs’ numbers through which they accessed the meetings. They either guessed it or generated it themselves.

There were many reported cases of hackers compromising Zoom users' account data too. Such information, including email addresses and passwords, was found on the dark web. Zoom also had a bug, which allowed cybercriminals to steal Windows account passwords.

Employees’ surveillance

Employers can also use Zoom to spy on their employees and breach their privacy. Zoom's attention tracking feature notifies a host if a user clicks away from a Zoom window for more than 30s. Admins can join calls without the consent of their participants and prior notification too.

Data collection

Zoom is notorious for collecting users' data such as audio recordings, messages, personal credentials, and disclosing it to third parties, like Facebook and LinkedIn.

Zoom's iOS application was automatically sending the analytics data of users' devices to Facebook, even if users didn’t have a Facebook account. The company didn’t inform them about it either. Moreover, the app sent users' email addresses and usernames to LinkedIn. There are also widespread concerns that students' and pupils' private data could’ve been leaked too, as educational institutions use Zoom for online classes.

How to make Zoom safer

While we strongly discourage you from using Zoom, here are a few tips to make it safer:

  • Do not send invites or accept invitation links from people you don't trust;
  • Make sure you download Zoom from the official site. Hackers have been creating fake Zoom websites to spread malware;
  • Update it regularly to have the most recent security patches;
  • Never share your meeting ID publicly, only with people you trust;
  • Protect your meeting with a unique password. Check these tips on how to create strong passwords. You can also try NordPass random password generator;
  • Use the waiting room function. It puts the participants on hold so you can approve or block them;
  • Lock meetings, so that no one is able to join them apart from those who are already there;
  • Refrain from using Zoom to exchange sensitive or confidential information;
  • Make yourself the only host to take full control of the call. In case of zoombombing, you could turn off someone's camera, microphone, or even disable them;
  • Read these tips on how to work-from-home safer and look for video conferencing alternatives.

To learn more about cybersecurity, subscribe to our monthly blog newsletter below!


Paul Black
Paul Black successVerified author

Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.


Subscribe to NordVPN blog