Zoom Doom

Mar 17, 2021

During this past year, many people, organizations, schools, and even governments have migrated to online meetings and conferences in order to allow working from home. At the beginning of the COVID-19 epidemic, a large majority used Zoom as a teleconference platform.

For the months following the surge of new users, attackers discovered several flaws in the platform, the most common being "Zoom bombing".

Zoom bombing is when an unauthorized user connects to the call and effectively "bombs" the meeting. While this may sound harmless at the surface, the most concerning is that of children's calls for school. There have been hundreds of Zoom calls that showed child pornography and abuse to young children during school sessions. Apart from disgusting atrocities such as this, alcohol anonymous, drug rehab, and mental health meetings have all been "bombed" causing more damage to an already fragile situation.

Unfortunately, this vulnerability isn't a security hole caused explicitly by Zoom. The Zoom platform has a few special features that are not enabled automatically, leaving the meetings vulnerable to "Zoom bombing".

While the company responded quickly with a new "security" option, "Zoom bombing" is still an ongoing threat to Zoom users around the world.

Aside from the danger of "Zoom bombing", Zoom has routed data through China and into Facebook algorithms even if you aren't logged into Facebook. Also, Zoom does not encrypt their video calls with the more secure E2EE (End to End Encryption), but instead uses transport encryption.

With all of these vulnerabilities and threats, I highly recommend that if a conference platform is needed, to use an alternative service other than Zoom. Some honorable mentions are Google Meet, Microsoft Teams, and Cisco Webex Meetings.

Enjoy this post?

Buy JMC Information Technologies a sailboat

More from JMC Information Technologies