As the video calling software is being used for everything from business meetings to virtual drinking sessions, cybercriminals have been quick to turn up the heat
With work from home at an all time high, video calls have been working hard to plug the communication gap around the world, both professionally and socially. Zoom is perhaps the most prolific of these services, recently passing the 200 million daily users mark.
This is all the more impressive when you consider that the platform had just 10 million daily users back in December last year.
On Tuesday, UK PM Boris Johnson even shared a screenshot of a Cabinet meeting taking place over the now ubiquitous platform.
This morning I chaired the first ever digital Cabinet.
Our message to the public is: stay at home, protect the NHS, save lives. #StayHomeSaveLives pic.twitter.com/pgeRc3FHIp
— Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 31, 2020
However, this is not without its problems, as Zoom now faces an onslaught from security and legal specialists who claim that the platforms default settings are not secure enough.
The issues have been partially exposed by the growth of a new phenomenon dubbed ‘Zoombombing’, whereby unwanted pranksters join a private meeting simply by accessing its unique, shareable ID number – in the aforementioned Tweet from the PM, the meeting’s ID number can be clearly seen to be 539-544-323, though thankfully this meeting was password protected. While this ‘Zoombombing’ could be construed harmless fun, it does represent a significant security and privacy threat, and this is sadly the tip of the iceberg.
Zoom has recently had to remove code in its iOS app that sent device data to Facebook, as well as rewrite parts of their security policy after it came to light that users data was being used to produce targetted ads. In addition, Zoom has claimed its service was supported by end-to-end encryption, though it noticeably backtracked yesterday, admitting that “it is not possible to enable E2E [end-to-end] encryption for Zoom video meetings”.
All in all, Zoom’s platform seems insecure at best and perhaps complicit in selling user data at worst. Perhaps the lesson we should really take from this situation is acknowledging a key trend in the rapid uptake of new technology – people value simplicity over security. If a service is free, easy to access, and easy to use, customers will forego many of their security concerns, to the delight of hackers.
Hopefully this will provide a poignant lesson for operators when it comes to 5G and especially the IoT. With an entire ecosystem of connected devices on the horizon, security must be of paramount concern, especially since the lack of it will not dissuade the public until the damage is irreversible.
Also in the news: