On a trip to Australia last year, two contestants traveling to a Dropbox-sponsored event hacked into Zoom and discovered its incredibly poor security. Now, the major bug within the conference call program could provide hackers with the ability to control some Mac users’ computers. As Zoom has been the preferred choice for many to stay connected during the pandemic, this bug has posed a great risk to business operatives using the platform to communicate with one another.
In 2018, Dropbox challenged hackers to break through Zoom’s security and dig deep for information regarding the app’s vulnerabilities in exchange for rewards. Zoom, after three months, was able to fix nearly all of the bugs discovered within its platform. Since then, however, several other security risks have begun to surface, particularly because of the significant growth in popularity of the platform.
Several businesses have attempted to defend Zoom and claim criticism of the platform’s security is unjustified given the current status of the pandemic. As of April, there are over 300 million daily active users on Zoom. Many argue that the increase in users was unprecedented compared to the number of users the company saw prior to the pandemic.
As “Zoombombings” continue to haunt users of the app, critics have urged the company to enhance its security or have opted to switch to alternative platforms to communicate. Zoom’s inability to stop malicious users has led companies like Google to ban their employees from using the software, according to an article by New Yorker Magazine.
Recent reports have also shown that when installing Zoom on a computer, the application could possibly download other applications without the user’s knowledge. Additionally, Taiwan’s government has stopped use of the software since hearing of the possibility of Chinese spying.
These concerns about spying correlated with the findings of a research group from the Citizen Lab, based at the University of Toronto, Canada, which showed some of Zoom’s traffic passed through servers in China. The video conferencing platform was developed by three companies, two owned by Zoom and one owned by American Cloud Video Software Technology Co., which are all located in China. For an application mostly used outside of China, researchers fear that Chinese authorities could have an influence on the program, such as forcing Zoom to hand over users’ data.
A few hours after this report, Zoom apologized for the internet traffic that went through China’s servers. Zoom’s CEO Eric Yuan claimed that not all data flows through China’s servers; however, with the huge increase in users, locally based data centers in North America and Europe became overloaded. This subsequently led to China’s data centers being used as a backup measure when there were too many active calls. Zoom gave no response when asked how much data from its users went through China’s data centers.
The company has also had to address the selling of users’ accounts over the dark web. Cyble, a website that identifies itself as a “third-party cyber risk intelligence program,” bought 530,000 Zoom users’ credentials in bulk from a hacker forum. Each account was priced at $0.0020. The credentials listed users’ emails, passwords, personal meeting URLs and host keys. Some of the accounts being sold were associated with big banks like Citibank and Chase.
Since Zoom has become aware of this issue, the company has asked intelligence firms to aid in locating password breaches and resetting passwords. For online users looking for ways to find out if their email has been breached, websites like “Have I Been Pwned” and Cyble’s “AmIBreached” can provide more information.
On April 22, Zoom sent out a security update stating it improved its encryption. For active users of the application since the outbreak of COVID-19, their experience with the platform has been tumultuous. Through security updates and research groups like those at the Citizen Lab, the safety of users can potentially be improved in the upcoming weeks. For now, however, the primary issue students should worry about on Zoom is waking up for class on time.