SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Security and Privacy Implications of Zoom
Date    Saturday April 04 2020, @03:43PM
Author    Fnord666
from the thus-spoke-Schneier dept.
https://soylentnews.org/article.pl?sid=20/04/04/042250

upstart writes in with an IRC submission for carny:

Security and Privacy Implications of Zoom - Schneier on Security:

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

Now security: Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.

Finally, bad user configuration. Zoom has a lot of options. The defaults aren't great, and if you don't configure your meetings right you're leaving yourself open to all sorts of mischief.

Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out. (Their 4/1 response to all of this is here.) On 4/2, the company said it would freeze all feature development and focus on security and privacy. Let's see if that's anything more than a PR move.

Previously:
(2020-04-02) Elon Musk's SpaceX Bans Zoom over Privacy Concerns
(2020-03-28) Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For
(2020-03-27) School Quits Video Calls After Naked Man ‘Guessed’ the Meeting Link
(2020-03-23) Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
(2020-03-21) Homeschooling Resources
(2020-03-14) Student Privacy Laws Still Apply if Coronavirus Just Closed Your School


Original Submission

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Security and Privacy Implications of Zoom - Schneier on Security" - https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
  3. "exploded" - https://www.cnbc.com/2020/02/26/zoom-has-added-more-users-so-far-this-year-than-in-2019-bernstein.html
  4. "cabinet" - https://twitter.com/BorisJohnson/status/1244985949534199808
  5. "meeting" - https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
  6. "reported" - https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
  7. "removed the feature" - https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook
  8. "disaster" - https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing
  9. "here" - https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
  10. "said" - https://www.theguardian.com/technology/2020/apr/02/zoom-says-engineers-will-focus-on-security-and-safety-issues
  11. "Elon Musk's SpaceX Bans Zoom over Privacy Concerns" - https://soylentnews.org/article.pl?sid=20/04/02/1855204
  12. "Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For" - https://soylentnews.org/article.pl?sid=20/03/28/1540217
  13. "School Quits Video Calls After Naked Man ‘Guessed’ the Meeting Link" - https://soylentnews.org/article.pl?sid=20/03/27/1744206
  14. "Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits" - https://soylentnews.org/article.pl?sid=20/03/23/198254
  15. "Homeschooling Resources" - https://soylentnews.org/article.pl?sid=20/03/21/1751219
  16. "Student Privacy Laws Still Apply if Coronavirus Just Closed Your School" - https://soylentnews.org/article.pl?sid=20/03/14/1324210
  17. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=40194

printed from SoylentNews, Security and Privacy Implications of Zoom on 2024-02-28 00:28:24