Zoom: Are your video conferences safe?

Image source: Zoom

(Revised April 10) Beginning in late March and accelerating in early April, a lot of uncertainties came to light about Zoom, the videoconferencing service whose time in the spotlight has coincided with the coronavirus.

First came news that Zoom was sharing personal information with Facebook, without adequate notice to users (for which Zoom’s CEO has apologized).  Then, reports surfaced that Zoom sessions could be intercepted and decrypted, counter to the promise made by Zoom (which has reportedly since dropped the term ‘end-to-end’ encryption).  Then came a report that decryption keys and other traffic are routed through China, where Zoom may be “legally obligated to disclose these keys to authorities” (which Zoom says it’s addressing).


Here’s a grab bag of recent headlines that caught our attention last week, linked to their full news stories.

Where do things stand now, and what should you do?

To Zoom’s credit, the company has instituted a 90-day plan to address the not-so-flattering publicity.

Why it matters

Although we haven’t (yet) seen any piracy-specific reports relating to Zoom, one of the basic capabilities of streaming, chat and conferencing applications is to open a communications session between an end user and a service infrastructure.  Many services are also designed to install software components on the end user’s device automatically.

Innocent errors can occur, due to faulty implementation of third-party APIs or infrastructure technologies by a video provider, incomplete testing by a systems integrator, or incorrect mapping between sessions and virtualized or physical resources.  Sessions left open, servers left exposed, and other such situations can often be attributed to error.

But purposeful “errors” can also leave the end user’s device vulnerable to sessions that can intercept personal data or be used to implant malware, or leave a video provider’s servers open to robbery.

Again, this is not to cast indictments at Zoom; but users should be alert to risks of exposure – no matter whether it’s through Zoom or via any other streaming, chat or conferencing app – and enterprises considering adopting such services for mission-critical internal use should carefully examine service infrastructure to identify possible risks.

By Steve Hawley, Piracy Monitor
