Looks like we’re stuck with Zoom: Is it any safer?
Earlier this month, Zoom’s stock price took a dive on news of two promising COVID vaccines offering over 90 percent effectiveness against the virus (a third vaccine was just announced). That’s nice. Glad to know some people think this nightmare is ending soon and we’ll all go back to the office and the classroom.
But our ability to walk into a clinic and get either of these vaccines is still months away and we’re dealing, right now, with a surge of new coronavirus infections. The reality is we’re going to be stuck with Zoom for a while longer.
Earlier in the pandemic we reported on the security risks associated with Zoom. Much of it was pretty juvenile. Think Zoombombers drawing on screen using the annotate function. On the other hand, there are countless stories online of meetings being interrupted by attendees scrawling racial epithets on screen, posting pornographic images, and threatening presenters with acts of violence. It was also revealed that Zoom’s encryption wasn’t as secure as the company claimed.
As you prepare to log in to your next Zoom meeting or class, let’s take another look at Zoom. Has it gotten any safer?
Zoombombing
Zoom has several existing settings that users can leverage against potential meeting interlopers. That’s all well and good, but when you’re in the middle of defending your doctoral dissertation and you’re suddenly staring at a giant phallus someone drew over your Powerpoint (sadly, this actually happened), there’s just no good option short of shutting down your entire meeting—until now.
This month, Zoom debuted three new features that can prevent or stop disruptions like these from happening.
Suspend Participant Activities
The Suspend Participant Activities option acts like a ban hammer for presenters. Hitting this switch pauses all video, audio, chat, annotation, screen sharing, recording, and Breakout Rooms. From there, the meeting organizer can report a user and they’ll be removed from the meeting immediately.
Report users
Zoom has made it easier to report disruptive users on both the web app and the desktop client. There’s also a new setting that admins can flip that allows participants to take the initiative and report users on their own.
At-Risk Meeting Notifier
Zoom has introduced the At-Risk Meeting Notifier which scans social media posts and “other websites” for publicly shared Zoom links. If the notifier finds a meeting link online, it’ll send an automated email to the account owners and admins alerting them to the potential risk. From there, the meeting organizer can delete and reschedule the meeting with a new link.
As a quick reminder, you should require pre-registration before every meeting. Otherwise, use a random meeting ID for every meeting, instead of your Personal Meeting ID, and require a passcode to enter the meeting. And for goodness sake, disable annotation for participants if you’re delivering a presentation that in no-way requires your attendees have the ability to draw on screen.
Encryption
Zoom got busted back in March for its creative definition of “end to end encryption.” As reported by The Intercept, Zoom conference data was being encrypted between the user and Zoom, meaning data was safe from someone spying on your WiFI connection. However, Zoom still had the ability to access unencrypted conference data on its end, which could be a problem if Zoom was involved in a data breach. Zoom could also be forced to hand over conference data at the request of government agencies. Fortunately, Zoom started encrypting meetings for real for both free and paid users in October.
All that being said, you have every right to remain wary given Zoom’s ambiguous language around encryption. One quick fix is to use a virtual private network (VPN) like Malwarebytes Privacy, for example. With a VPN, you’re effectively creating your own secure tunnel between yourself and Zoom. However, you’re still trusting Zoom with your data once it’s on the company’s servers.
Use something else
If this post sounds like a diss on Zoom—it’s not. This reporter happens to like Zoom. You might feel otherwise. However, switching to something else is easier said than done. Your employer or your school likely has a service agreement with Zoom. Going rogue and using the conferencing software of your choosing may not be allowed or it might not be something you can afford out of pocket. If you’re in a position where you can pick whatever web conferencing software you want, here are some important considerations:
- Does this conferencing software feature true end-to-end encryption?
- What options are built-in for handling meetings crashers (aka Zoombombers)?
- Do attendees need to install the application on their computer before attending a conference?
Those are just a few of the questions you should be asking. Whatever you choose, do your due diligence, pick the right conferencing software for your needs, and keep your meetings secure.
The post Looks like we’re stuck with Zoom: Is it any safer? appeared first on Malwarebytes Labs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.