Enter your details below to stay up-to-date with the latest IT solutions and security measures.
With home office worker numbers exploding across the globe this week, collaboration offerings such as Microsoft Teams, Slack and Zoom have experienced unprecedented market uptake. With higher usage rates, comes greater scrutiny regarding platform performance. Zoom in particular has been under the microscope with the following concerns raised;
Zoom’s Windows client has been leaking network credentials. This is due to rendering UNC file paths as a clickable link in the group chat window. Due to be patched
Zoom’s MacOS installer uses a deprecated and insecure application programming interface in MacOS. This has been patched.
Claims of end-to-end encryption that appear to be false. Zoom admitted to encrypting only data in motion with TLS and not data at rest as first stated.
Zoom’s iOS Facebook SDK sending device analytic data to Facebook, even for users without a Facebook account. The Facebook SDK has been removed from the Zoom iOS app.
Meeting-bombing occurring in open and public meetings i.e. unwanted guests attending meeting. Choose a closed meeting that allows only invited attendees to join.
Zoom’s attendee attention tracker feature disclosing data. This has been removed.
Zoom’s LinkedIn Sales Navigator disclosing data. This has been removed.
WHAT THIS MEANS FOR YOU?
Zoom are acting swiftly and have increased their bug bounty program, so don’t panic, Zoom is still a valid application for collaboration – just abide by the following suggestions:
- Ensure you’re on the latest version to benefit from patches for any current and future issues.
- Be aware that all communication systems can be hacked, tapped or bugged, so act with caution when discussing highly sensitive subjects.