Zoom zoom! Not so fast. Is Zoom secure?

Is any video conferencing app secure?

Some security weaknesses are zero-day vulnerabilities, like the Zoom app’s download being vulnerable to a phishing scheme. Zoom leadership has since secured the install, but that is the stuff you can’t do anything about.

Other security weaknesses you can do something about, like password protection against Zoombombers. That is a setting, and it is enabled by default.

Zoombombers

Unwelcome guests spewing abuse is the stuff humanity (and news) is made of. For a recent piece in Wired magazine, Riana Pfefferkorn at Stanford’s Center for Internet and Society commented, “Enterprise platforms are now seeing the same abuse problems that we’ve long been used to seeing on Twitter, YouTube, Reddit, etc.… [where] strangers contact other strangers….”

Blood in the water

Are Zoombombs proof positive that Zoom is not secure? Regardless of the truth, the smell of blood in the water has got both hackers and cybersecurity hotshots in a frenzy to attack the app’s safety like sharks. Says cryptographer @KennWhite, whose work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences, “It’s like everyone is driving a 1989 Geo and security folks are worrying about the airflow in a Ferrari.”

Good UX

I take White’s point to be that anyone still driving a 1989 Geo is comfortable in the driver’s seat. Good UX delicately balances security with usability. In the past, Zoom leadership has consistently erred on the side of usability, like disabling password protection by default.

But the vulnerabilities that cybersecurity hotshots like Matthew Hickey (@HackerFantastic) are reporting to BleepingComputer are a bit far-fetched. Hickey found that a UNC link in the Chat can be used to launch malicious software. OK, but you can’t do anything about that. Zoom leadership can (and has).

Bad UX

Unfortunately, in response to the frenzy, Zoom leadership’s fix for a vulnerable UNC link is bad UX, way off balance between security and usability: ALL links in Chat, even normal URLs, no longer convert into hyperlinks. Bummer. There goes an elegant sharing tool.
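
One way to keep both sides of that balance, as an added example that is not Zoom's code or part of the original post: a chat linkifier that turns only `http`/`https` URLs into hyperlinks and leaves UNC paths and every other scheme as plain text. All function names and sample hosts are hypothetical.

```javascript
// Added example: hyperlink only plain web URLs in chat text.
// Names are hypothetical; this is not Zoom's implementation.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Escape text before it is placed into HTML.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Return a normalized href for a plain web URL, or null for anything else.
function safeHref(token) {
  // UNC paths (\\host\share), file:// and every other scheme stay plain text.
  if (!/^https?:\/\//i.test(token)) return null;
  let url;
  try { url = new URL(token); } catch { return null; }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null; // no embedded credentials
  return url.href;
}

// Convert one chat message to HTML, keeping whitespace as typed.
function linkifyChat(message) {
  return message.split(/(\s+)/).map((part) => {
    const href = safeHref(part);
    const text = escapeHtml(part);
    return href
      ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${text}</a>`
      : text;
  }).join("");
}

// Constructed sample messages.
const samples = [
  "Slides: https://example.com/deck?id=7",
  "Open \\\\fileserver.example\\share\\notes.txt",
  "file://fileserver.example/share/notes.txt",
];
for (const s of samples) console.log(linkifyChat(s));
```

Only the first sample comes out as a clickable link; the UNC path and the `file://` URL are rendered as the text the sender typed.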

So…is Zoom secure?

Yes, as long as you follow the rules. Growth in the number of Zoom meetings due to social distancing has been exponential, like the growth rate of coronavirus cases. To protect yourself against COVID-19, follow the rules:

  1. Wash your hands.
  2. Don’t touch your face.
  3. Stay 6 feet away from each other.

Protect yourself in a Zoom Room

To protect yourself against malicious intent in a Zoom Room, follow the rules:

  1. Set a password and/or enable the waiting room.
  2. Don’t publish Meeting IDs or links.
  3. Set the screensharing option to “Host Only.” (Change that setting during the meeting, if you like.)

And look out for phishing schemes like this one: “Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus.”

Too soon?

Not too proud to beg…i.e., reply to my own post. I want to follow up on Zoom 5.0, the latest version, because normal URLs now convert to hyperlinks in Chat – an elegant sharing tool, restored.

Zoom leadership has been very responsive to the people who use their app. It’s a good sign that an app is secure when leadership reacts to zero-day vulnerabilities, as well as bad press, quickly and transparently. Congratulations, Eric Yuan, Zoom CEO.