Leet Tech: Zoom and its Security Issues

By Gary Chapman
gchapman@lc.edu

As we go through this semi-apocalypse, an app seems to reign supreme among teleconferencing — Zoom. Zoom, which is developed by Zoom Video Communications, launched in 2013 and exploded in 2020, as the software is being used by schools, colleges, workplaces and just general chatting. But as the program becomes popular, more scrutiny is applied to its security practices.

One of the major complaints about Zoom is its somewhat sketchy behaviors. One of which is how the Mac installer fakes a system prompt to give it root privileges (admin). This caused them to be called out by Felix Steele of VMRay, a macOS-centered security firm. When confronted, Zoom founder Eric Yaun stated, “We implemented to balance the number of clicks given the limitations of the standard technology. To join a meeting from a Mac is not easy, that is why this method is used by Zoom and others.” But Felix stated, “While this practice is nice from Zoom’s perspective and for usability, it violates Mac user expectations. If a Mac user opens a pkg file, they expect to click through it and give their consent before installation. Instead, Zoom performs this operation instantly without another confirmation.”

Another problem is abuse from outside sources, also known as “Zoom-bombing”. It is when a group of people find an open Zoom link and join, usually yelling profanities and the like. Kristen Setera of the FBI Boston Field office noted that, “A Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.” She also noted that in order to remain secure, you have to “not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.”

Jeff Watson, the chief information officer of L&C, noted, “Zoom can be a safe place for faculty to conduct their online classes if they implement the security features available to make the Zoom online classes safe.” He also said that Zoom is working on it.

Zoom has been working on safety, issuing an update as part of Zoom 5.0, requiring the meeting to use the waiting room, adding new encryption and requiring most meetings to have a password. This is a step in the right direction but their reputation is somewhat tarnished, hopefully they can recover.

, , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *