・Since this content is intended to provide general information, it includes initiatives in which we are not involved.
・Photos and images used in the article are images. It may differ from the content provided by the actual product or service.
・The content of this blog is based on the information at the time of publication. Therefore, regarding the content of the product, images and operation procedures may differ from the current version due to version upgrades.
*Zoom and services that include the name Zoom are services provided by Zoom Video Communications, Inc.
From July 15, 2022, Zoom will have a 40-minute limit even for meetings with two participants if you have a free subscription. (Previously, it was only for meetings with 3 or more people.)
Companies and organizations using Zoom for business should consider switching to a paid license at this opportunity.
To solve this problem, Zoom released an update in April 2020. Some people may be thinking,
So this time, we will explain in detail the security vulnerabilities of Zoom.
This article is for people who:
- People who are concerned about Zoom’s security vulnerabilities
- People who want to know how Zoom’s security/vulnerability was resolved
- People who are thinking about a meeting using Zoom
The pointed out Zoom vulnerability and security are heading for resolution
It was around March 2020 that Zoom’s security and vulnerabilities became a problem for experts. In April of the same year, four updates were made, and in May, measures for the security and vulnerability issues pointed out were completed or planned.
Many companies have introduced telework, and the number of users of the web conferencing system Zoom has increased rapidly. As of December 2019, the total number of users was about 10 million (per day), but in April 2020, the total number of users reached 300 million.
However, as the demand for the web conferencing system Zoom increased, experts pointed out security and vulnerability issues.
Since the application was updated on April 27, global criticism of vulnerabilities has rapidly subsided.
5 issues related to Zoom’s security and vulnerabilities
So, what exactly were the Zoom security and vulnerability issues pointed out around March 2020?
In this article, we will explain five major security and vulnerability issues of the web conferencing system Zoom.
Will my usage information be sent to Facebook?
This is an issue that was sending data to Facebook when a user opened the Zoom app. The data sent is not personal information, but information about the device used by Zoom. Specifically, the type of Zoom device used and the name of the telecommunications company were sent.
A particular problem was that not only Facebook users but also the device information of Zoom participants who did not have accounts were sent.
Are you at risk of having your credentials stolen?
A security vulnerability was pointed out when Windows users used the Zoom app delivered by early March 2020.
There is a risk that authentication information such as IDs and passwords may be leaked if users are hacked using Zoom functions.
This type of hacking would not work if there was no malware, which is malicious code, in the user’s Windows terminal in advance. Therefore, it is pointed out that the risk of information being stolen due to Zoom’s vulnerability is low.
In any event, an update from Zoom fixed the vulnerability in March.
Not encrypted?
Encryption is the transformation of one data into another by special processing to maintain security or protect privacy. By using a “key” that matches the converted data, the original data can be decrypted.
The web conferencing system Zoom claimed to protect information with advanced encryption called ‘end-to-end’. However, in reality, although encryption was performed, the key for decryption was managed by the Zoom server.
The system was criticized around the world for its lack of rigorous end-to-end protection of information.
Have you ever been “Zoom Bombed”?
“Zoom Bombing” is what we call vandalism. The problem was that third parties who were not planning to participate in university lectures and public lectures, etc., often posted socially inappropriate images and made offensive remarks. became.
General users who were unfamiliar with how to operate the system published the URL of the Zoom meeting on SNS and bulletin boards, and the mischief mentioned above occurred frequently, and the name “Zoom Bombing” was born.
Originally, Zoom had a security function that prevented third parties from intervening in the meeting, but it seems that people who used it without knowing it suffered damage.
Can I track participants from the main window?
The ability to check whether Zoom users are properly participating in the meeting was also viewed as a problem. This feature notifies the meeting organizer if the participant has been away from the screen for more than 30 seconds when the meeting organizer shares the screen.
From the organizer’s point of view, it may have been a convenient function, but from the participant’s point of view, some people may feel that they are being “monitored” or “infringing on their privacy.” In addition, the fact that the existence of this tracking function was difficult for participants to understand was one of the factors that raised the issue of Zoom’s security and vulnerabilities.
Explanation of improved security and vulnerability points
In response to the issues explained so far, Zoom took measures to improve security and vulnerabilities in April 2020. The following five points are important for version upgrades related to security and vulnerabilities.
- Updated encryption to the latest (AES-256 GCM)
- Communication program made by Facebook has been removed
- Data center (where communication goes through) can be selected
- It is now possible to report and block fraudulent users on Zoom
- Encryption can now be checked with an icon
In addition to the above, measures such as setting the waiting room before the meeting to the default setting and complicating IDs and passwords were taken.
Along with the rapid increase in the number of users of the web conferencing system, Zoom’s security and vulnerability issues have been widely discussed, but as of May 2020, measures have already been completed. It can be said that by taking prompt measures, meetings using the web conferencing system Zoom are being held more safely at many companies.
Also, the other day, Zoom announced that it will provide official end-to-end encrypted communication to all users by the end of the year, and it seems that it will become a tool that can be used with even greater peace of mind in the future.
Measures to increase security and use Zoom safely
Security and vulnerability issues related to the web conferencing system Zoom are being rapidly addressed. However, it is important for users themselves to be aware of how to use Zoom safely on a daily basis.
In this article, we will explain five security and vulnerability countermeasures for the web conferencing system Zoom that you can do yourself.
Understand security issues
First of all, let’s know in advance about the security and vulnerability issues of the web conferencing system Zoom. Checking the sources of security and vulnerability issues greatly increases your chances of avoiding risks.
It is important to know not only the security and vulnerability issues of Zoom, but also the latest scams and attack methods. In particular, there are various types of fraud techniques, and they are clever, so we recommend that you always check the latest information.
Install the latest version of Zoom
Zoom’s security and vulnerability issues have been resolved, but you’ll need to install a new version of the app to use the addressed tools.
If you are already using Zoom and have not updated since April 2020, take this opportunity to get the latest version of the web conferencing system. If you continue to use old apps that have not been protected against, you will have concerns about security and vulnerabilities, so please be careful.
In addition, Zoom is working daily to improve security and fix vulnerabilities. Updated apps will be distributed in the future, so let’s check the information regularly to see if the Zoom you’re using is the latest.
Check the meeting URL properly
Zoom is a system that allows you to have conversations on the web by sharing a URL with participants. However, you need to be careful because there are fraudulent methods that disguise this URL and send you something that leads to a malicious site.
If you accidentally click on a fake URL, you run the risk of having your privacy information stolen or your data stolen.
If you check the domain of the URL carefully, you can see the difference from the legitimate one. In order to increase the security of Zoom, be sure to check the shared URL carefully.
Thorough management of IDs and passwords
In order to avoid Zoom vulnerabilities and improve security, it is important to set up management of IDs and passwords that you use on a daily basis. Be aware that if any of these leaks to non-participants, the risk of being hit by a Zoom bomb increases.
Also, when joining a Zoom meeting, it is recommended to set it so that you cannot join without entering a password. By the way, this setting is the default in the upgraded web conferencing system Zoom.
Set screen sharing to host only
Zoom can share the screen of everyone in the meeting, but personal information can be leaked. Therefore, if you set it to “Host Only” in advance, you can rest assured in terms of security. Select “Advanced Sharing Options” from Zoom’s settings and change the settings to suit you.
summary
Due to the rapid penetration of telework, the use of the web conferencing system Zoom is attracting attention. The security and vulnerability issues pointed out around March 2020 have been resolved, so you can use the Zoom app with more peace of mind in the future.
Zoom is an app that can be used not only for companies but also for personal use. It’s a tool that can be used in a wide range of ways, so if you haven’t used it yet, take this opportunity to start using it. You can share images and files with many people, and face-to-face communication like video calling is very convenient.
There are plenty of optional functions, so you should try using them as needed.