The debate over the benefits and vulnerabilities of Zoom is becoming even more complicated as Zoom was forced to walk back a previous decision to deny End-to-End Encryption (E2E) for free users. As millions of new users took to the video conferencing tool during the coronavirus pandemic, it was quickly discovered that Zoom’s cybersecurity features were not all that was promised. After several additional scandals and responses by the company’s CEO, Zoom encryption is finally receiving an update in 2020.
Mass Migration to Zoom During COVID-19
COVID-19 and the shutdowns it caused in the name of social distancing saw many leverage video technology to continue personal interactions as well as work from home. Zoom quickly rose to the top of the list of preferred application as the company boasted it saw 300 million daily meeting participants in April 2020 (up from only 10 million in only five months). The relatively easy features and availability of the app saw it being used for multiple contact channels, from business meetings to classroom lectures, and even to government proceedings.
Lack of Encryption and Cybersecurity Uncovered
However, a practice labeled “Zoombombing,” where victims were harassed by bad actors who had broken into their video calls, brought the state of Zoom’s security into question. The app had had a few major exploitable bugs revealed publicly in recent years, but now that the user base had grown so exponentially, there was a much bigger backlash and considerable scrutiny followed. In reality, the consistent cybersecurity gaps hinted at a much bigger problem with the app’s data security controls, but the extent was unknown the spotlight forced it to the forefront.
Zoom’s marketing had misled customers – despite claims of sophisticated encryption through EE2E, any video chat actually had the same native security as a web browser. Actual data protection fell to the company itself, which had open access to all collected user information. While Zoom has sworn that it does not mine this data, additional findings provided implied they actually were selling personal information to advertisers and social networks.
Zoom Plans to Remove Encryption for Free Users
The backlash over the revelation forced Zoom to take steps to improve their cybersecurity stance; however, company representatives expressed stipulations of this plan that would cause even more controversy. In order to provide actual secure encryption, the company ostensibly needed information only included with paid accounts. Many observers either reinforced or questioned this reasoning, but the debate became even more muddled by Zoom itself when the CEO made additional claims that encryption would block the company from working with law enforcement.
Data Privacy and Censorship Scandals
The Zoom CEO’s comments came in the middle of protests sparked by the killing of George Floyd by a Minneapolis police officer, and generated immediate backlash. This was further aggravated by additional revelations that Zoom had cooperated with China in suppressing activists with accounts on their platform. Though the company later joined others in blocking user data requests from the Chinese government, the damage was done – Zoom’s ability – and willingness – to ensure user data privacy was called into question.
Major Reversal Leads to Roll-out of New E2E Features
The mounting backlash finally forced Zoom to include free users in its end-to-end encryption service, though with yet another caveat. As long as these accounts provide additional information that would allow verification of their identity, they will receive the same level of E2E as paid users do. As of this writing, the new security features are still being rolled out and tested in the real word, and we will have the full picture on their impact in the near future.
The Cybersecurity Challenge of Video Apps
Zoom is also still in the spotlight as of this writing, with delays in delivering a promised transparency report on how it provides data to governments. This scrutiny is not likely to end soon given the precedent created by Zoom itself, as well as by similar hardware-connected apps. The age of digital transformation continues to remind the public that everything with an Internet connection is inextricably linked, and this lesson will undoubtedly be on display again when the next hot tech company drops the data privacy ball.
Many of these apps inevitably contain exploitable backdoor connections, for a variety of reasons but mostly boiling down to money. Whether because the cost of operating end-to-end security on the developer’s end is too great, or because the data mining applications are too lucrative, there will always be an element of exposure in many digital applications on the market. Most importantly, no technology will ever be full proof against human error.
Let SWK Help You Secure Zoom or Find an Alternative
SWK Technologies has experience with providing customers with security solutions for many software and network vulnerabilities. We can help you cybersecure your existing applications, or direct to a better alternative for video communications, like Microsoft Teams.
Contact SWK today to learn how we can enable you to avoid the cybersecurity pitfalls of Zoom and other unsecure apps.
