Video conferencing provider Zoom has seen a surge in usage as many employees work from home as part of social distancing or social isolation measures around the world.
Although it has not shared how user numbers have been affected by the coronavirus pandemic, Zoom’s shares are up 107% since the beginning of the year.
The company has lifted the 40-minute limit on Zoom meetings for those with free accounts, and is “proactively monitoring servers to ensure maximum reliability amid any capacity increases”.
However, despite the platform offering a convenient way for individuals to keep in touch with colleagues, family and friends, security issues have been raised.
Experts are concerned that a surge in use could attract the attention of cybersecurity criminals looking to snoop on the potentially confidential information now being shared via Zoom.
Zoom security concerns raised despite UK government use
Zoom has been used by the UK government to hold Cabinet meetings remotely, but this week the Ministry of Defence instructed staff to stop using the video conferencing platform while security implications were investigated, according to the Press Association.
Dr Andrew Dwyer, a cybersecurity academic at the University of Bristol, voiced concerns over Zoom’s security, tweeting that he was “startled” to see it being used by the Cabinet Office and that the platform had a “poor security response to vulnerabilities”.
Last year, security researcher Jonathan Leitschuh uncovered a critical vulnerability that allowed attackers to gain access to users’ webcams on Macs with Zoom client installed. Zoomed later patched the vulnerability but faced criticism for not acting fast enough.
Earlier this year, Check Point published research highlighting the fact that hackers could use brute force attacks to guess Zoom Meeting IDs, which are made up 9, 10 or 11 digits, enabling them to listen in on meetings that were not password protected. Zoom has since put in place a number of measures to mitigate this.
Security Boulevard has also warned that users should be mindful of Zoom’s data collection policies, with data on name, physical address, email address, phone number, device type and IP address, job title and employer all collected, and data shared with third parties for “business purposes.”
Jake Moore, Cybersecurity Specialist at ESET offers the following advice for using Zoom securely:
“Make sure you avoid sharing a Zoom meeting link in a public forum as anyone who has the link can join the meeting. Also try to avoid using your Personal Meeting Room for public meetings. If someone gets access to your Personal Meeting ID and the personal link, they then could potentially then join any meeting in the room at any time.
“The waiting room’ is another useful tool where a host can only allow people in from a pre-assigned register. For extra security, users can and should set up a password entry system. This is effectively two-factor authentication for participants to use before entering the chat. Again, this password should only be shared privately.”