After a long line of security compromises have been revealed, Cyrex has advised clients and partners on the extreme risks of continued use of the newly-popular Zoom video conference calling platform. In addition, Cyrex team members have been prohibited from using Zoom for work-related activity with a strong suggestion to avoid use in a personal setting also.
The growth of Zoom as the go-to platform of choice for conference calling and group video communications has been both staggering and unexpected. Social distancing measures in place because of the spread of COVID-19 have led businesses and individuals alike to seek new ways to meet and keep in contact and, largely, the solution that has presented itself has been Zoom. To put the scale of the platform’s growth into context, Zoom’s number of daily users has gone from just 10 million in December 2019 to over 300 million in April 2020.
Fail to Prepare, Prepare to Fail
What seems to be unfolding in front of our eyes now is a case study in how a platform can be so overwhelmingly underprepared for such an unforeseen injection of users in such a short time. In failing to properly secure its members’ calls and personal data, the list of global companies and governments banning the use of Zoom grows daily. In business, we have already seen companies like SpaceX, Siemens, and Standard Chartered Bank prohibit the use of the video calling platform in business activity. Similarly, the US Senate, the Pentagon, and the US Department of Defense have issued internal warnings on using Zoom, as well as a blanket ban for all members and civil servants within the Taiwanese government.
What Are the Issues Associated with Using Zoom?
The number of new risks and issues being reported seems to grow daily. The most active and recurring is undoubtedly ‘Zoombombing’, in which hackers effectively join in on users’ conversations uninvited. This is an inconvenience and a violation of privacy in a personal setting, but in a corporate scenario, it is a recipe for disaster. Other alleged common issues being reported include:
- Zoom sharing user private Facebook data with third parties without consent
- Remote access and take-over of Mac computers (in an older version of Zoom)
- Hacks granting full access to any user’s Zoom account
- Storage of individual user recorded calls living on the cloud for a number of hours after users personally deleting them
- Hackers accessing and being able to download user calls recorded on an unsecured link
Two of the most concerning items to date have been the hacking of a Holocaust Memorial Day event causing it to be bombarded with anti-Semitic imagery and audio and the reported advertisement of a hack that would allow users to access calls without those on the call being aware. This particular item was reportedly on sale for $500,000, the premium pricetag stemming from its acute corporate espionage potential.
What Measures Have Been Taken to Improve Security?
Though Zoom seem to be constantly taking steps towards improving the security of their platform – for example additional privacy measures added on April 18th for paid members of the platform – it is still advisable to avoid the platform until lasting and definitive fixes have been made.