Zoom Case - the price of simplicity - ISH Technology
Zoom case, part 1 - the price of simplicity

Zoom Case - the price of simplicity

Zoom, the meeting and video conferencing platform, has fallen from being the darling of people who are in social isolation after going through several privacy scandals. Several news reports were published saying that Zoom is insecure during the very period when the app was recording more than 25 million meetings a day. The Zoom case had repercussions and many people were in doubt if they should uninstall the tool.

So let's explore the facts of this story further to understand what security flaws have been detected, what risk they bring and, most importantly, how you can continue to use Zoom a little more safely.

The great attraction of Zoom was, and still is, that it is an extremely easy-to-use platform. This uncomplication was what drove the exponential increase during the coronavirus pandemic, with social distancing. Once restricted to the environment of companies and startups, it became the platform for grandma to talk to her grandchild, for virtual happy hours and for remote classes at the children's school.

So that simplicity was surely Zoom's blessing. But, at the same time, it turned out to be its curse.

The price of simplicity

Like almost everything in the world of digital security, when we create a new application or develop a new product that needs security, we are faced with a dilemma. As a rule, the greater the simplicity, the greater the risk of vulnerabilities being created in terms of digital security. Conversely, the higher the level of digital security, the harder it is to keep everything tremendously simple, at the user level. Zoom chose extreme simplicity. And with that, protection took a back seat.

What were the security breaches found?

First, Zoom Booming, as it became known, which is nothing more than having a meeting or a videoconference invaded by a third party. And this intruder can send whatever he wants, such as inappropriate content, or simply watch the conversation.

The second loophole deals with the possibility of the organiser of a meeting recording what is being discussed. And for the sake of simplicity, the file names are generated in an identical way, not randomly as is common. This way, the files could be found through an online search, meaning that anyone could find them. The searchable videos ended up leaking because they were stored unprotected on Amazon Web Services. There were reported leaks of videos of children's classes, therapy sessions and even beauticians teaching female intimate hair removal practices.

And there, we come to the third, and potentially, most serious Zoom breach. Many of these videos contain sensitive information. Financial reports of companies, names and phone numbers of patients in medical calls, faces, voices and personal details of children in remote classes. Data can be used by hackers for many different types of crime, both for electronic fraud and for scams involving social engineering.

But do the vulnerabilities found make Zoom totally insecure? Should people stop using it? In this post, I've given you step-by-step instructions for those who want to continue using the tool with peace of mind.

By Allan Costa

Copyright © 2022 ISH Tecnologia, All Rights Reserved.