Is it true that the web conferencing tool Zoom has a reputation for being insecure about its security?

Is it true that the web conferencing tool Zoom has a reputation for being insecure about its security
Notes
・Since this content is intended to provide general information, it includes initiatives in which we are not involved.
・Photos and images used in the article are images. It may differ from the content provided by the actual product or service.
・The content of this blog is based on the information at the time of publication. Therefore, regarding the content of the product, images and operating procedures may differ from the current version due to version upgrades, etc.

*Zoom and services that include the name Zoom are services provided by Zoom Video Communications, Inc.

From July 15, 2022, Zoom will have a 40-minute limit even for meetings with two participants if you have a free subscription. (Previously, it was only for meetings of 3 or more people.)
Companies and organizations using Zoom for business should consider switching to a paid license at this opportunity. 

As we enter the New Normal era, more and more companies are introducing web conferencing tools and home attendance management systems.

These are indispensable tools for telework and telecommuting, but when using them, you will need to prepare for risks such as information leakage.

The popular web conferencing tool “Zoom Cloud Meetings” (hereafter referred to as “Zoom”) has been criticized for security issues in the past.

Currently, it is a highly secure tool with strict measures taken, but I think there are many people who are wondering what the actual reputation is.

Here, we introduce the background of the concerns about Zoom’s security, the current countermeasures and reputation.

If you are thinking of introducing Zoom, please refer to it as it also summarizes the reputation of parts other than security.

Zoom security issues and current reputation

Zoom is a web conferencing tool that has a reputation for high functionality and high quality, but in the business scene, the reputation of security measures is also a point of concern.

First of all, let’s take a closer look at the background to the point that Zoom’s security problem was pointed out, and the current countermeasures and reputation.

The background of the Zoom vulnerability

Since the spread of the new coronavirus, the number of users using Zoom, both individuals and corporations, has increased rapidly.

Along with this, attention has also come to be paid to security issues that have not been conscious of until now.

Zoom immediately took measures against the points pointed out, and in May 2020, the latest version “Version 5.0” with enhanced security measures was released.

Although Zoom has temporarily lost its reputation, it has become a popular web conferencing tool with a reputation for its high security, as it has been successful in taking immediate measures.

Problems actually pointed out and countermeasures

Zoom’s security was pointed out around March to April 2020, but what specific problems were found?

Let’s check it together with the current correspondence situation of each.

Send device information to Facebook

Zoom can also be used with a Facebook account, but it has been pointed out that when logging in, the user’s device information is sent to Facebook.

Zoom has stopped using the development tools (SDK) provided by Facebook and is modifying the program.

The information sent is not information that identifies the individual user, and we are also requesting deletion of information sent in the past.

See also  Useful in the business scene! Introducing Zoom's new paid plan

Vulnerability to attacks via UNC links

A vulnerability related to the handling of UNC (Universal Naming Convention) paths has also been pointed out.

This means that login information is stolen by accessing a specific UNC link on a Windows terminal, but the conditions for the attack to be established are extremely difficult, and actual damage has not been reported.

Main conditions for the attack to be established (established when all are met)

  • A specific victim’s device must have been infected with malware by some other means prior to joining the meeting.
  • An attacker and a participant using an infected device can participate in the same Zoom meeting
  • A participant using an infected device clicking a link containing a UNC path entered by the attacker in the in-meeting chat.

Currently, UNC links cannot be clicked, and this problem has been resolved.

Zoom Bombing

Zoom Bombing is a nuisance act in which users who have not received an invitation to a web conference participate in the conference without permission and share inappropriate images and videos.

Due to the rapid increase in use due to the corona crisis, there was a difference in security awareness among users, and in the United States and other countries, meeting IDs and passwords for public lectures and online classes were published on SNS, etc., and it was discovered. It seems that a third party who did so participated in the meeting for the purpose of mischief and caused a nuisance.

There have been multiple measures to prevent unauthorized entry, such as locking the waiting room and meeting room, but damage has been reported in meetings with hosts who have not enabled these or are unaware of them.

Enabling either a meeting password (passcode) or waiting room is now required by default, and the host has improved the ability to control participants more easily than before. I’m here.

Poorly worded end-to-end encryption

Zoom originally announced that it had introduced a mechanism for end-to-end encryption (a state in which communication content is encrypted between participants).

However, in reality, although encryption is performed between terminals, the key information for encryption is stored on the Zoom cloud side, so “strictly speaking, end-to-end encryption is It may not be possible to say,” was pointed out by academics.

Zoom apologized for the flawed expression. At the same time, in the past, present, and future, we have declared that we will not have the means to break the user’s encryption, and we will not perform such actions.

Currently, the encryption has been corrected to appropriate expressions, and we plan to improve the mechanism so that the customer can manage the encryption key by the end of 2020.

Connection to China server

Zoom has data centers in 17 locations around the world, and may connect to other data centers if the service load at each data center increases.

Normally, it was set to connect to the nearest data center and only users in China were set to not connect to the Chinese data center, but under certain conditions there were a number of meetings that went through the Chinese server. There have been reports of incidents.

It turned out that this was a human setting error, and now it has been corrected so that it cannot go through China due to the specifications, and it has been improved so that you can arbitrarily select which country’s data center to connect to.

See also  Effective for measures to show your face! Summary of how to use the effect function

What is its reputation as a web conferencing tool?

What is its reputation as a web conferencing tool
All security issues related to Zoom have been resolved, and it is now gaining a high reputation as a safe web conferencing tool.

Next, let’s take a look at the reputation of Zoom’s usability, such as its functionality and operability.

Abundant functions streamline operations

The introduction of Zoom can significantly cut the cost of meetings and interviews.

There is no need to prepare a place for the meeting, and transportation and accommodation costs can be reduced.

In addition, since it reduces travel time, it has a reputation for improving work efficiency, such as using the free time to handle other tasks.

Communicate even when you are far away

Zoom uses a video conferencing mechanism, so you can have a conversation while looking at the other person’s face.

Even if you are in a remote location, you can proceed as if you were actually having a face-to-face conversation, so it has a reputation for being able to communicate more smoothly than email or telephone.

Another reason for its popularity is that the hurdles to holding a meeting are lowered, making it easier to prepare a place for discussion.

Simple and easy-to-use UI

While Zoom has many functions, the point is that the screen configuration is simple and easy to understand.

There are few steps for each operation, such as joining the meeting by simply clicking on the invitation URL, so even those who are worried about operating IT tools can use it with confidence.

Make high-quality calls wherever you are

Zoom’s unique data compression technology is also popular for its high stability that allows comfortable communication even on mobile lines.

In addition, since it is possible to connect using existing devices such as personal computers and smartphones, capital investment costs can be kept low.

The ability to use high-quality tools at a low cost and the security measures in place are the main reasons why Zoom is gaining popularity.

Recommended introduction plan for Zoom by application

Zoom has a free plan that anyone can use, and three paid plans: Pro, Business, and Enterprise.

The main features available in the free plan are as follows.

  • Screen sharing (file/whiteboard)
  • breakout room (grouping)
  • Remote operation
  • Recording to a computer (recording/recording)
  • text chat etc.

There is no limit on the usage period of the free plan, so you can continue to use the free plan forever.

However, in the case of the free plan, there are conspicuous disadvantages such as the time limit for group calls is limited to 40 minutes, and data can only be saved locally on the computer.

There is no problem if it is for personal use, but if you want to introduce it to your company, a paid plan is recommended.

The functions added in the paid plan and the maximum number of simultaneous connections for meetings are as follows.

plan Added features >
Maximum number of participants in a meeting
Pro plan Unlimited group calls
Assign roles to each user Advanced meeting features
such as recording settings and
encryption interoperability of
100
Business
plan
Telephone support (For purchases from NEC Networks & System Integration, the administrator can make inquiries in Japanese.) Customize
the management dashboard
URL
Add an account from the domain Login
using company authentication information, etc.
300
Enter prize
plan
Unlimited cloud recording
webinars, discounted Zoom Room plans and more
500
See also  Explain how to share screens and videos with Zoom! It also introduces what to do if it does not appear

For sole proprietors and small teams, the Pro plan is suitable, for small businesses the Business plan, and for large companies the Enterprise plan.

Also, when using for school classes and seminars (webinars), it is recommended to use the Pro plan or higher.

Points for using Zoom more safely

Zoom already has a reputation as a highly secure web conferencing tool, but it is currently being reviewed to further strengthen security.

For this reason, Zoom releases updates on a regular basis, and in some cases it may be necessary to update manually.

When you start the app, be sure to update if it says “A new version is available.”

Also, even if the update notification is not displayed, it is recommended to check the update information frequently.

Here’s how to check your current version:

  1. Click the user icon on the top right of the app screen
  2. Click “Check for Updates”
  3. If “Updates are available” is displayed, click “Update”

If it is already the latest version, “Keeping the latest version” is displayed, so there is no problem if you close it without doing anything.

For mobile devices such as iPhone, iPad, and Android, you can check and operate updates from the AppStore or GooglePlay.

summary

  • Security issues that were worried about using Zoom have already been addressed
  • Currently, it has a reputation as a tool with higher security than other similar tools, as well as excellent functionality and operability.
  • Frequent confirmation and operation of updates is important for safe use of Zoom

Zoom is gaining a higher reputation than ever since security issues have been resolved.

If you are thinking of introducing a web conferencing tool to your company, please consider using Zoom, which has excellent security measures.