Cybersecurity experts advise to abandon Zoom
Group-IB, a cyber-attack prevention company, advises users to switch to Zoom's video conferencing service counterparts due to security concerns.
The Zoom application has gained immense popularity amid the pandemic of coronavirus infection and the transition to udalenka. As the head of the company Eric Yuan said this week, on April 21 more than 300 million people used the application - 50% more than at the beginning of the month. And in December, the daily audience of Zoom did not exceed 10 million people.
Along with this, Zoom’s great demand revealed its shortcomings: the service was criticized for the lack of end-to-end encryption, Facebook data transfer and insufficient privacy protection. In addition, Zoom has increased the influx of Internet trolls who invade the conversation, swear and broadcast porn.
Often, attackers of provocateurs (this phenomenon was called zombombing - the default application settings are to blame, which make any video call public by reference.
At the beginning of April, the head of Zoom apologized for the security gaps and said that the company was suspending the introduction of new features for 90 days, and instead would concentrate on fixing vulnerabilities. However, Group-IB experts say that the urgent need to strengthen cybersecurity is necessary now, so experts recommend using Google Meet, GoToMeeting or Cisco’s WebEx service. And if you need to communicate by voice, without video, then Group-IB advises Signal.
However, in the week Zoom should upgrade to version 5.0, where a new panel with all the basic security features will appear. In particular, in order to protect themselves from uninvited guests, users will be able to transfer calls to the closed mode with one button, delete participants and restrict screen and chat sharing. Through the pop-up menu, you can also prohibit participants from sharing their desktop image, chatting, changing their name and commenting on content sent by other users.
Hangout passwords are now set by default, and system administrators can set the passphrase complexity for business users. In addition, Zoom switched to a more reliable encryption algorithm - 256-bit AES in GCM mode.