You are using an older browser version. Please use a supported version for the best MSN experience.

Watch out for your security before jumping into Zoom

WGCL Atlanta logo WGCL Atlanta 4/1/2020
a display in a room © Provided by WGCL Atlanta

ATLANTA, Ga. (CBS46) – Millions of American adults and school children facing the challenges of communicating during the coronavirus pandemic have taken to Zoom, a videoconferencing server, over the past couple of weeks. But, as with anything in the digital world, before you start zooming along on the information superhighway; you need to check the digital security of everything.

Zoom has come under increasing scrutiny in the last two weeks as usage jumped. Tuesday, The Intercept posted a story that Zoom video calls are not using commonly known end-to-end encryption, despite the company claiming in promotional material that it does use end-to-end encryption, similar to that of WhatsApp. That is just the latest problematic headline coming from the tech industry about Zoom.

TechCrunch found Apple had to secure millions of Macs after Zoom failed to disclose “it installed a secret web server on users’ Macs, which Zoom failed to remove when the client was uninstalled.” The flaw was found by a security researcher who said the server allowed any malicious hacker to activate the Mac webcam without the user’s permission.

The tech blog Motherboard found the Zoom iOS app sends data to Facebook, “even if you don’t have a Facebook account.” According to the Motherboard analysis, the Zoom app, “notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone, and the city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.” Zoom has since removed the code for the Facebook data dump.

The service has also seen problematic headlines for the use of an “attendee tracking feature.” The Huffington Post reported the feature is called “attention tracking” and if turned on by the host, identifies which users have clicked away from the active Zoom window for more than 30 seconds. Zoom told the Huff Post “the feature doesn’t use any audio of video tracking and only tracks attention while someone is sharing a screen.”

Then there’s the concept of “Zoom-bombing” that even sparked a warning from the Federal Bureau of Investigation. Monday the FBI warned users about teleconferencing and online classroom hijacking during the current time. The FBI said it’s Boston office reported an incident where a high-school teacher was conducting an online class and then an unidentified user dialed into the classroom, yelled a profanity and then yelled the teacher’s home address.

A second incident in Massachusetts came from school that reported a Zoom meeting being access by an unidentified individual who was visible on camera displaying swastika tattoos.

The FBI listed multiple steps that can be taken to try to avoid teleconferencing hijacking:

Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.Manage screen-sharing options. In Zoom, change screen-sharing to “Host Only.”Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

PC Magazine also listed out multiple steps to avoid Zoom-bombing including: use a unique ID for large of public Zoom calls; require a meeting password; create a waiting room; make sure only the hosts can share their screen; lock a meeting once it starts; kick someone out or put them on hold; disable someone’s camera; prevent files in the chat; disable private chat; and more. Click here for the full details and how to perform these actions.

The Zoom issues, and solutions, are a good reminder to take your Internet and data security very seriously during this crisis no matter which service you use.


More From WGCL Atlanta

image beaconimage beaconimage beacon