Presently, virtual meeting platforms are seeing a surge in numbers of users. As a result, apps like Microsoft Teams, GoToMeeting, and Zoom have all seen huge surges. Additionally, Zoom’s ease of use and accessibility has made it the platform of choice. Between December of 2019 and March of 2020, the average number of daily meeting participants increased by 190 million users. However, this growth has attracted the attention of bad actors. Without delay, exploiters are using Zoom’s increased popularity. This has created an opportunity to hack the app’s weakness.
As a matter of fact, earlier this month Zoom enlisted the services of Luta Security. To this end Luta Security is revamping its bug bounty program. In detail, it allows white hat hackers to help search for security flaws. In a similar fashion Zoom rolled out a new and improved version 5.0 on the 26th of April. This included security upgrades including AES 256-Bit GCM Encryption. (The upgrade is still not available for iOS.)
Correspondingly, Zoom is working hard to address recently discovered vulnerabilities in the app. However, many vulnerabilities still persist. For example, Zoom for Windows can be used to steal users’ Window credentials. While a work-around for this issue exists, a permanent fix is not yet available.
Consequently, “Zoombombings” are still a problem. They happen when bad actors find open Zoom meetings. Furthermore, they join them to share offensive content (usually pornography). Zoom recently added meeting control features to help alleviate this problem.
Moreover, another flaw in Zoom security on virtual meeting platforms. The problem is that it is that recorded meetings stored in Zoom’s servers are easily discoverable. Paid users of the app can record and store their meetings. As a result, they are easy to find because they have a predictable URL structure. Thus, the information is at risk.
In sum, it matters how systems are built. In this situation Zoom has prioritized ease of use and availability. They have been wildly successful at accomplishing that task. Other companies, like Google, also have different focus areas. On the other hand, some companies focus on business use and regulatory compliance in mind. Some examples are companies that focus on consumers–Microsoft Office 365, GoToMeeting, and WebEx. GoComputek is not advocating for a particular brand. In conclusion, our objective is to point out that a primary focus will usually affect the end result.
It’s Not All Gloom
Is Zoom completely unsafe? No. Zoom is still good for personal meetings with family and friends. To clarify, it’s a wonderful tool to stay connected. However, for businesses that exchange sensitive information this isn’t the case. Regulated businesses should also be careful when using Zoom. With this in mind, be cautious not to place your business in an uncompliant state. In the end, the results would be the creation of an unnecessary level of risk.
Therefore, for business use, we recommend a virtual meeting platform built for businesses. As an example, we use Microsoft Teams because it integrates very well into our app ecosystem. As another illustration, one of the benefits we enjoy is that Microsoft Teams offers secure video conferencing with up to 250 people at a time. Lastly, it allows users to present live to 10,000 people.
Teams is also a full-service collaboration tool. It is not just a video-conferencing platform. The threaded conversations feature provides channels of conversation within various groups (or teams). The app has file sharing built into it. It’s also backed by Microsoft’s long history of security and reliability. You can also share screens and work on documents together. This can be done in real-time. Of course, calendars can be shared too. Best of all, Microsoft’s Office 365 suite includes Teams in its package. A free version is also available for users on different platforms. GoToMeeting or WebEx are also great alternatives.