Zoom faces scrutiny

With home office worker numbers exploding across the globe this week, collaboration offerings such as Microsoft Teams, Slack and Zoom have experienced unprecedented market uptake. With higher usage rates, comes greater scrutiny regarding platform performance. Zoom in particular has been under the microscope with the following concerns raised;

Zoom’s Windows client has been leaking network credentials. This is due to rendering UNC file paths as a clickable link in the group chat window. Due to be patched

OneZoom’s MacOS installer uses a deprecated and insecure application programming interface in MacOS. This point of Zoom scrutiny has been patched.

Claims of end-to-end encryption that appear to be false. Zoom admitted to encrypting only data in motion with TLS and not data at rest as first stated.

Zoom’s iOS Facebook SDK sending device analytic data to Facebook, even for users without a Facebook account. The Facebook SDK has been removed from the Zoom iOS app.

Meeting-bombing occurring in open and public meetings i.e. unwanted guests attending meeting. Choose a closed meeting that allows only invited attendees to join.

Zoom’s attendee attention tracker feature disclosing data. This point of Zoom scrutiny has been removed.

Zoom’s LinkedIn Sales Navigator disclosing data. This has been removed.

WHAT THIS MEANS FOR YOU?

Zoom are acting swiftly and have increased their bug bounty program. So don’t panic, in spite of scrutiny, Zoom is still a valid application for collaboration – just abide by the following suggestions:

• Ensure you’re on the latest version to benefit from patches for any current and future issues.
• Be aware that all communication systems can be hacked, tapped or bugged, so act with caution when discussing highly sensitive subjects.

More about new features on zoom.us.

More about digital engagement.