Covid-19 has brought about significant changes in our society, both socially and professionally. Measures implemented by governments worldwide have led the global population to change their habits. As a result, numerous companies and individuals have turned to various video conferencing solutions. You've likely experienced "Skypéros" with your loved ones or friends, or even work meetings conducted via video conferencing (and in pajamas). Children are also receiving remote education.
Video conferencing solutions are numerous; some have existed for years, while others have emerged more recently. Skype, known to all and with which the vast majority of us already have an account, is favored for this purpose. For convenience, there's also Google Hangouts, for example, which is directly integrated into your email and accessible from any web browser. Similarly, Appear.in, the Norwegian video conferencing solution, embraces simplicity by requiring no installation either. Moreover, the free version has gained significant popularity since its inception. At Kalyzée, we use Whereby for our online meetings, which is practical and very intuitive; I'll provide more details below.
In short, you've understood the idea: there is a multitude of free and user-friendly tools available! However, not all video conferencing solutions are equal; let's take a closer look.
First and foremost, let's zoom in on Zoom. Zoom was founded in 2011 by Eric Yuan, an engineer from Cisco. This company has achieved great success, even going public in April 2019. Zoom is an American video conferencing service that caters to various use cases, such as web conferences, chat, and online meetings that can accommodate up to 10,000 participants. To achieve this, Zoom allows users to create virtual rooms where collaborators can interact. Moreover, this solution is usable from computers, tablets, or smartphones.
While Zoom had 10 million users in December, the number had grown to 200 million by March. Zoom became one of the most widely used video conferencing solutions in the world. This sudden surge in activity put Zoom in the spotlight. Recently, many institutions have raised concerns about Zoom users' security issues. Let's delve into these vulnerabilities.
First and foremost, when signing up for Zoom, the "Company Directory" function sometimes automatically groups individuals sharing a domain name. I myself experienced this with my university's domain, finding myself with the email addresses of people I didn't know and the ability to video call them.
Another security issue with this video conferencing solution was highlighted by the American website Motherboard. Zoom was transferring users' personal data to Facebook without their consent, through iOS, until March 28th. Consequently, Facebook had access to information such as your smartphone model, the time you opened the application, the city you were calling from, and even your carrier, all without your authorization. This data could be used for targeted advertising. History has shown that Facebook is no stranger to such practices. This is how participants' professional profiles were revealed after Zoom integrated with LinkedIn, even when being connected anonymously. However, Zoom recently stated that this is no longer the case.
On the dark web, individuals are selling information about Zoom meetings, as reported by Yahoo News. An Israeli cybersecurity company, Sixgill, reportedly uncovered this phenomenon. The information pertains to 352 Zoom accounts, revealing their identities, email addresses, passwords, and host fingerprints.
But that's not the end of it. As investigations progress, more data security problems are coming to light.
The Washington Post and Mashable unveiled another security issue with this video conferencing solution. Thousands of diverse Zoom meetings were freely accessible on the internet. The spectrum of these discussions ranged from medical calls and confidential business meetings to simple "confinapéros" (informal exchanges via video platforms) among friends. How is this possible? Currently, users have the option to download their meetings to their chosen system. However, this server isn't always secure. Furthermore, video and audio files from Zoom are named in a predictable way, making it easy to locate and access unencrypted files. Zoom has addressed this issue by advising caution when downloading files. They have announced various initiatives to address the platform's security problems.
Zoom Bombing refers to the act of intruding into a Zoom video conversation without being invited. Zoom video conference rooms aren't automatically protected by passwords; sharing the link is sufficient to invite users. This connection link can be obtained by strangers if shared on the public web, which is a boon for trolls and pranksters. Some individuals have even gone as far as to insult meeting participants or make racist remarks. Users must, therefore, exercise caution when managing and using video conferencing solutions.
This phenomenon shouldn't be taken lightly; the FBI even issued a warning to users about it on March 30th. Without a password for these meetings, hackers can easily scan for meeting IDs and identify active or scheduled meetings. A security professional named Trent Lo and members of SecKC developed a program called zWarDial. This software can find 100 meeting IDs in just one hour and gather information about them. Impressive results, but also concerning for Zoom users. You can find more information on this matter on KrebsOnSecurity, where Trent Lo's approach is explained.
For all these reasons, some New York schools have banned the use of Zoom for remote classes, according to The Washington Post. Other American schools followed suit. Apart from the education sector, prominent names like SpaceX and NASA have prohibited their employees from using Zoom. They recommend using emails and phones, which speaks volumes about their confidence in this software. More recently, the Taiwanese government banned the use of Zoom after discovering that Zoom meetings were hosted on Chinese servers.
Furthermore, a recent report from CERT-EU has confirmed these concerns, highlighting additional security issues with this video conferencing solution. They rightly advise European institutions, entities, and agencies to avoid using Zoom until all these security problems are resolved.
None of the video conferencing solutions is without flaws, but this sudden success has drawn international attention to Zoom. It's crucial to understand that these security issues are not exclusively related to Zoom. When a solution, in any field, achieves significant success and accumulates a large number of users, hackers and other malicious individuals will take an interest. For instance, Microsoft is more susceptible to viruses than a lesser-known solution because it's more likely to be targeted. Therefore, I recommend considering less-known video conferencing solutions that are less exposed to the aforementioned security issues.
In conclusion, here are some examples of video conferencing solutions you can use with your friends or colleagues.
