How video platform Zoom got its security in check

Get a free Techzine subscription!

As the video conferencing platform offers convenient features for working from home, Zoom went through a large growth in popularity in 2020. However, Zoom was not only the center of attention because of its handy features: it also suffered from major security issues. The company is still working on its security, but has taken many steps to improve.

Zoom is has become of the major collaboration platforms during the pandemic. Initially, you could create a link for a video conference and share it with everyone. However, it turned out that hackers could easily guess URLs and regularly broke into meetings as a result (Zoombombing). However, this was only the tip of the iceberg, leading security experts to advise against using Zoom. Users mostly ignored the warning, as the app still managed to attract 200 million active users per day. Early last year, we already wrote an extensive article about the security problems with Zoom.

Zoom working on its security

Fortunately, the warnings did not fall on deaf ears with Zoom. The company actually thoroughly apologized and promised to improve the app. Especially when it came to light that a spy feature had been built in. This allowed the manager of the meeting to keep track of whether the participants were paying attention. Moreover, recordings of the video meetings could be replayed, so Zoom had a lot of explaining to do. In the meantime, administrators could also view all kinds of data on participants in each meeting, such as IP addresses, locations and even which operating system and devices the participants were using.

Many more security problems have been reported, and Zoom has collected them all. Certain features could fortunately be disabled immediately. However, there were also larger problems that needed more time to fix. Zoom CEO Eric Yuan apologised in a blog post. He and his team started writing regular updates on what had been improved at Zoom. This started with a three-month freeze of the affected features.

External experts were hired to assess Zoom’s security. A bug bounty programme was set up. Plus, a weekly privacy call was instituted in which Yuan promised to be as transparent as possible to its users. Certainly, the fact that Zoom shares messages with Facebook and has a rather malware-like way the software worked on Apple systems, made it an extra precarious matter in a world where people seem to be increasingly aware of their privacy rights in online environments.

Security problems

Although the security problems at Zoom were held under close scrutiny, that does not mean that Zoom was the only video conferencing software that did not have its affairs in order. However, so many security problems piled up that people became alarmed. This gave the company a great opportunity to make things better and it seized that opportunity to do so. However, this needs time and the company took it. Most of the problems came to light in March; how are things now?

In the first ninety days that Zoom took to put its security in order, the company did not sit idle. Zoom has decided to stop using Chinese servers and the meeting IDs were removed from the title bar. No less than 100 new features were developed in those 90 days to make Zoom more secure and pleasant to use. Zoombombing became a thing of the past and all meetings were password-protected instead of being freely accessible. Waiting rooms were also created where people had to let you into the meeting before you could actually get in.

The purchase of Keybase

Although many competitors do not offer end-to-end encryption either, Zoom bought Keybase to improve identity management. The company very clearly and very openly took steps to improve security and polish its image. Rarely have we seen this so clearly in a tech company, or indeed any industry. Moreover, the company has actually made some thorough changes, whereas other companies would often continue with business as usual and only make adjustments on the sides.

This step and this transparency have been seen by users and security experts the like. Is it smart to share your business results or other confidential information in a video meeting in a web browser without a VPN connection to the office? No. However, according to experts, Zoom is now secure enough to stream a sports event or hold a business meeting in which slightly less confidential information is shared. Zoom is and remains very handy: it is easy to use and you can have up to 100 people logging in at the same time.

In addition, the service recently added support for two-step authentication. This feature was in great demand, but it was a great challenge to implement. Zoom has now achieved this, although many security companies continue to recommend using the browser version instead of the app. That is because it is immediately provided with the latest updates.

Hackers know where to find Zoom

There is so much going on around Zoom that it is still a favourite target for hackers despite the major security changes. Various situations have occurred in which fraudsters try to get hold of usernames and e-mails by phishing. These consist of e-mails and text messages that appear to have been sent by Zoom, often stating that your account is about to be deleted and that you should take action.

Although this isn’t an issue that can really be blamed on Zoom, the company is not completely out of the woods yet. In November, the US Trade Commission indicated that Zoom had been misleading its users and had engaged in several unfair and deceptive practices. The commission emphasizes the fake end-to-end encryption discovered in March and the software that Zoom previously installed on Macs without user permission. Therefore, Zoom still has work to do to put its security transparency in order, because almost a year later, Zoom is still under heavy scrutiny.

Tip: Zoom vs Google Meet vs Microsoft Teams vs Webex Meetings vs BlueJeans