By now most people will have used, or at least heard of, Zoom, and will also have heard of some of the privacy and security issues that have been raised about the service. This means we need to configure the software to help avoid some of these issues, and Zoom themselves are working on reassuring those concerned. 

Zoom has numerous features to prevent so-called Zoombombing, where uninvited guests join a meeting and then screen share inappropriate content.  

  • The first feature is the Share Screen options, accessed from the arrow next to the Share Screen button on the host controls, where the host can restrict screen sharing to Host Only.  

  • Other ways to secure a room include only allowing signed-in users to join.  

  • You can also lock meetings so that new users cannot join part way through the meeting, regardless of whether they have the meeting ID and password.  

  • It is now the default that a password is used when a meeting is set up, so only those with the password can join.  

  • The waiting room can be used to hold guests from joining until you choose to let them in. You can also prevent users who get into a waiting room from then taking part in a meeting. 

On April 3rd, Zoom put out a statement addressing some results from research published by the University of Toronto. The researchers discussed the encryption used being a custom service designed and implemented by Zoom rather than an existing standard. Another point brought up by The Citizen Lab was that Zoom was sending traffic to China even for calls where none of the participants were in China, an arrangement that, it was speculated, could leave Zoom open to pressure from Chinese authorities. 

However, the blog Zoom published explained the reasoning behind these findings. The increase in traffic through China, they said, was simply due to an increase in demand. They added extra capacity to the Chinese region and mistakenly added the two data centres from the region to the whitelist of backups. Sometimes non-Chinese users would be put onto them when the primary non-Chinese servers were full. Since learning of this, they have taken these data centres off the whitelist to stop non-Chinese users from being connected to them. 

In response to the criticism of the encryption, a post made on April 1st outlined a plan for the next 90 days that includes freezing development on new features to focus on safety and privacy. This also included holding weekly webinars to provide privacy and security updates and preparing a transparency report on data requests. 

Zoom have also clarified their encryption practices. Meetings (a Zoom Room, a smartphone user on the app, or a laptop or computer running Zoom) won’t be recorded for Zoom clients. This means everything is encrypted between clients only for meetings using other devices such as a telephone connected via a telephone line. This means data is encrypted through as much of the transmission process as possible. 

This communication from Zoom shows that they are aiming to fix and improve the service that they offer. 

Stuart Harwood, Global Assessments Lead, had a few comments on the security concerns at Zoom: 

‘At Siker we are using Zoom to provide information services and training sessions to clients and partners. We have taken the steps above to secure our meeting rooms, but we are also attending many of the webinars that Zoom are holding so we are up to date on the current options that they are presenting us. We strive to give our clients the best software possible for the best experience and in our opinion the Zoom team have provided a great client experience.’ 

Our team are available if you would like to discuss it more with us: info@sikercyber.com