The COVID-19 virus has forced employees and contractors to work from home, and educators scramble to find ways to continue to teach. Zoom, a video teleconferencing platform, has been the service of choice for many. 200 million people now use Zoom daily.
A New York Times article recently revealed that Zoom automatically sent names and email addresses of participants to a meeting to a system which matches them with their LinkedIn profiles, if the host of the meeting had signed up for the sales prospecting program LinkedIn Sales Navigator. This article came after Motherboard had revealed that the iOS version of the Zoom app was sending some analytics data to Facebook, regardless of whether Zoom users have a Facebook account or not.
These security concerns have been acknowledged in a blog post by Eric Yuan, Zoom’s CEO and the company released a new version of the app. However, a class action suit has been filed against Zoom in the Northern District of California, claiming that Zoom failed to implement adequate security protocols and failed to provide accurate disclosures to its users, and thus fell well short of Zoom’s promises as stated in its privacy policy.
The New York Times reported that New York’s attorney general, Letitia James, sent a letter to Zoom asking it which security measures have been put in place to prevent hacking. Senator Richard Blumenthal wrote a letter to Eric Yuan asking for information about how Zoom handles the personal data of its users and protects against security threats and abuse against its service.”
Another issue is “zoom bombing,” where uninvited tele-conferencing participants are “crashing” a conference to disrupt it using noise or unwelcome images, including pornographic images. Indeed, it has been reported that several educational Zoom meetings have been crashed by uninvited parties. On one instance, the intruder exposed himself to student, and in another case, the hacker disturbed a doctoral defense using obscene drawings and racial slurs.
Zoom-bombing is a crime, as we are reminded by Matthew Schneider, United States Attorney for Eastern Michigan, warning that anyone who hacks into a teleconference can be charged with state or federal crimes.
The FBI warned last month about this new risk and provided some security tips, such as avoiding making meetings or classrooms public, but instead organizing a private meeting, either by requiring a password to participate or using Zoom’s waiting room feature to control which guests can indeed be admitted.
The FBI also recommended not to share a link to a Zoom event on social media but instead send the link to invited parties, to set screensharing to “Host Only,” and also to make sure that people use the January 2020 updated version of the Zoom software, which disabled the ability to randomly scan for meetings to join.
Zoom announced in early April that it will enable the “waiting room” feature for all accounts, including the free accounts, and will also require additional password settings. Free K-12 education accounts will be required to use passwords and will not be able to turn off the password feature. The New York City Department of Education has however announced that it will no longer allow the use of Zoom for distance learning out of security concerns.
by