5 Easy Steps to Secure Your Zoom Video Calls
Points of Interest
As droves of users flocked to their servers, videoconferencing giant Zoom has been playing whack-a-mole with a litany of security issues. Here’s what you can do to guard yourself.
Zoom Video Communications was founded in 2011, but it wasn’t well-known until the coronavirus became a global crisis. Companies looking to work remotely and individuals finding ways to keep in touch virtually took to Zoom to stay connected with video calls. The platform became so popular that its daily users rose from 10 million in December 2019 and currently clock in at 300 million.
The number of participants, the ease of use and the ability to share screens are among some of the desired features in a video conference service, which Zoom embraces. The platform offers free, 40-minute calls with up to 100 guests. However, the surge in users amid the COVID-19 pandemic has highlighted Zoom’s multiple security and privacy issues. Social distancing measures haven’t stopped hackers from still committing scams that target everything from retirement to mortgages, disrupting meetings or stealing personal information. And researchers have found that Zoom is vulnerable to hackers, has an insufficient end-to-end encryption and shares data with third parties that have resulted in four lawsuits being filed against the platform.
After receiving global backlash and being banned by several governments and companies, including NASA and Google, Zoom kicked off a 90-day plan on April 1 to fix its problems. In the meantime, if you are a Zoom user, here are some things you can do to avoid security issues while on the platform.
Step 1: The fix for Zoom-bombing
On March 30, the FBI’s Boston division announced that incidents of Zoom-bombing are taking place nationwide. The term refers to Internet trolls and hackers disrupting conferences on the platform and projecting graphic content or vulgar vitriol, forcing hosts to end video sessions early. Arizona State University and the University of Southern California are among some of the educational institutions that reported occurrences of obscene and racist language crashing classes that were held via Zoom, as well as companies like Chipotle.
To make conferences safer and more private, Zoom implemented a meeting control option called Security on April 7. The Security option allows hosts and co-hosts to respond quickly to issues by locking meetings, removing participants and restricting members’ ability to share screens, rename themselves and chat in meetings. Unlike previously, the Security icon ensures that all security settings are in one place in order for hosts to immediately act upon should meeting disruptions occur.
Additionally, Zoom is currently requiring passwords for meetings and webinars, as well as turning Waiting Rooms on by default to prevent Zoom-bombers.
Step 2: The fix for the Zoom app
According to Kaspersky, an international cybersecurity company, several Zoom client apps have shown various flaws, including allowing hackers to access cameras and microphones. While Zoom has resolved this problem, the platform is still vulnerable since it lacks “a proper security assessment.” As a result, it is recommended that Zoom’s users increase their security by utilizing the web interface instead of installing the app to access meetings. The web version is more secure because it functions in a restricted environment in the browser’s “sandbox,” which decreases the damage of a potential security problem in an app.
In cases where Zoom has downloaded the app to a device, and there aren’t any other options to connect to a meeting, Kaspersky recommends limiting the app installation to a secondary device that lacks personal information. Also, Zoom is compatible with Skype for Business. Therefore, the latter platform can serve as an additional option to handle Zoom meetings.
Step 3: The fix for fake Zoom apps
In March, a security researcher at Kaspersky discovered that the number of malicious files that have incorporated the names of some top video conference services, including Zoom, had approximately tripled compared to 2019. To avoid accidentally downloading a malicious file disguised as the conference platform, individuals who want to install the app should do so via Zoom’s official website to download for Mac or PC or go through the App Store or, Google Play, for mobile devices.
Step 4: The fix for stolen login information
Cybersecurity intelligence company, Cyble, discovered hackers are selling stolen Zoom credentials on forums and the dark web for less than a cent. In fact, Cyble purchased about 530,000 of the credentials for dirt cheap at $0.0020 per account. The accounts included email addresses, passwords, personal conference URLs and Zoom host keys, and Cyble was able to confirm that the credentials were valid.
Zoom is employing intelligence firms to discover “password dumps” in order to reset victims’ passwords. While individuals can check if their information was leaked through data breach notification sites, like Have I Been Pwned and Cyble’s AmIBreached, experts also recommend using unique and strong passwords for each account. Password management apps such as 1Password and LastPass can help generate strong passwords that are not duplicated across an individual’s devices. The apps also securely store login information.
Step 5: The fix for camera and microphone takeovers
Security researchers discovered that Zoom has bugs that allow hackers to steal Windows’ passwords, as well as insert malicious codes into the platform, which gives the attacker control of the user’s Mac, including access to the device’s microphone and webcam. Zoom reported that it had fixed the problems on April 2.
To ensure that those issues won’t affect individuals, security researcher Sean Wright told Forbes that users should make sure to update the installed versions of Zoom’s app. The latest update is known as Zoom 5.0, which launched on April 27. The platform will require all of its users to be updated by May 30 in order to participate in any Zoom conferences.
Sign in and prosper
In addition to acquiring secure messaging service Keybase and adding a new encryption standard used by the U.S. government, Zoom has also turned to Facebook’s former chief security officer, Alex Stamos, as a consultant to help enhance its security and privacy capabilities. While some may not think Zoom is doing enough to make its services more secure, the platform’s CEO has stated that they are making numerous moves to meet consumer demands and gain users’ trust again.
Featured image courtesy of Zoom