- Zoom is aware of Zoom-bombing or Zoom gate-crashing tactics during public video conference calls, according to a company blog post. Bad actors are flooding Zoom calls with disturbing images, reports TechCrunch.
- The company said Friday that anyone with access to a call link can join a public forum. If the link is shared, whether on social media or otherwise, Zoom recommends disabling screen-sharing among participants.
- Call hosts should refrain from using their personal meeting ID (PMI) for hosting public forums. An employee's PMI is "basically one continuous meeting" where "randos" can disrupt a private "virtual space," according to the blog.
From Feb. 24 to March 13, Zoom saw an 84% increase in unique users, according to data from Okta. The video platform outperformed its competitors WebEx and RingCentral.
While it's a booming time for Zoom's business, the company says it is attempting to put reliability and security control back in the hands of its customers.
Passwords and authentication can weed through appropriate video attendees, while locked screen-sharing capabilities allows the host to keep control of the call, Cameron Clark, security engineer at Gremlin, told CIO Dive. "Unfortunately, Zoom doesn't have a lot of granularity with that, which is something they could definitely improve on."
While communication tools — such as Zoom — are reimagining how companies, schools and everything in between operate, the tools have their faults.
"The great part about Zoom is it makes it really easy for people to hop into a call without having to jump through too many hoops — but that's also one of its biggest privacy issues," said Clark.
Zoom has a number of internal security flaws that roll into privacy concerns, according to ProtonMail.
Though Zoom offers guidance in mitigating Zoom-bombers, there are also issues beyond the control of customers. The security of a video conference call extends beyond bad actors crashing it.
A security consultant found the company "set up a local web server on a user’s Mac device that allowed Zoom to bypass security features in Safari 12," according to ProtonMail. The remote server was unsecured, which could allow bad actors to take over a user's webcam.
The remote web servers have since been removed, but highlights the ambiguities of user privacy and consent on business communication platforms. In January, Boeing released a history of internal employee messages revealing knowledge of flawed aircrafts.
Collaboration platforms and applications, including Zoom, Slack, Microsoft Teams, and Google Hangouts Chat, are collecting more data than ever as the world works remotely.