With the lockdown announced in various countries, various schools, colleges, tutorial centers are now closed. But with the vast syllabus being left for this academic year, classes must continue in an online mode. Amongst the other various apps Zoom, a video-conferencing platform, had skyrocketed with a 535% rise in its daily traffic in the download page as recorded in the last month by SimilarWeb being the most downloaded app for iPhone users for weeks as researched by Sensor Tower, a mobile app market research firm. It is even used by the British Prime Minister, Boris Johnson; former US Federal Reserve chair Alan Greenspan for conferencing during their work from home.
But recently, this app has been facing allegations such as “a privacy disaster” and “fundamentally corrupt” by security researchers. Letitia James, New York’s attorney general wrote to the company for outlining the security measures and measures for accommodating so many users. Later on, James revealed that Zoom was prone to various data breaches that could enable the third parties to gain access to consumer webcams.
One of Zoom’s spokesmen later told the Guardian that the information requested by James was due and would be sent soon and also added that the security and privacy measures are taken with extreme seriousness by Zoom. He also said that their main concern is to keep all people throughout the world connected during the COVID-19 pandemic so that everybody stays at home.
They promised of shifting all engineering resources for focusing on security questions raised barring the coming updates.
ZOOM BOMBING
There has been an increase in cases of video hijacking causing a hurling of abuses and racial threats as announced by FBI on 30 March. This might be because Zoom’s easy access to its meetings by a short number-based URL that could be guessed or generated easily by any hacker as found by another security firm Checkpoint. Although Zoom has recently released guidelines of preventing the entry of unwanted guests causing video crashes and interference in webinars.
LACK OF END-TO-END ENCRYPTION
End -to-end encryption refers to any system that secures communication allowing only the users to read it and no one else. Zoom had been falsely advertising itself as using end-to-end encryption which they later apologized for the confusion of incorrect advertisement.
SECURITY DEFECTS
Various security flaws were reported in the past by users. In 2019, it was revealed that a hidden web browser was installed in Zoom that could connect the user to any unwanted call. This week, a bug was discovered that could allow hackers take over the Mac thus tapping into the webcam and hack the microphone. Although Zoom is trying to fix this issue but it is forming a bad image as malicious software in the minds of users.
IN-APP OBSERVATORY MEASURES
Zoom has received huge criticism for its annoying feature of allowing a host to see its user for 30s after closing the window. This feature was for checking if employees were really tuned to work or if students were really watching the classroom presentation minutely.
SALE OF INTERNAL DATA
It has been reported by Motherboard that Zoom secretly uses its users’ data from its iOS app, and uses it in advertising in Facebook. Though Zoom on Thursday said of them for never having sold any kind of user data in the past and nor they are having any plans for the future. But Zoom was accused of failing to “properly safeguard the personal information of the increasing millions of users” on its platform by a federal court in California when this case was cited.
Schools migrate to Zoom for classes but these privacy breaches could be of serious concern and must be taken well care of as noted in the letter from James. It actually read “While Zoom has remediated specific reported security vulnerabilities; we would like to understand whether Zoom has undertaken a broader review of its security practices”.