Lock-down — Zoom app popularity and it`s privacy issues
Zoom (A video conferencing app) becomes the most-downloaded Android app in India during coronavirus lockdown.On Google Play Store in India version, Zoom’s Android app was at the top of the charts followed by TikTok, UVideo, Google Pay, Instagram and WhatsApp under the “top free” apps section.
Zoom ( The Silicon Valley-based Startup) is one of the tech companies that has hugely benefitted from the coronavirus pandemic.
With more and more people working from home, Zoom became the sought after app as it specializes in remote working and video conferencing software.
Zoom has been preparing for this moment since the new coronavirus began spreading in China in January.
Its iOS app became the top free download in Apple’s App Store recently.
College students across the country are going on Zoom blind dates.
On Sunday afternoon, Eleanor Dolan (Film director) celebrated her 17th birthday in Minnesota with 20 of her closest friends. They listened to pop music and traded jokes. When the group broke out into “Happy Birthday to You,” Eleanor pulled a slice of cookie cheesecake close in front of her and pretended to blow out the toothpick she had substituted for a candle on top.
Then, she blew lightly on her computer screen. Miles away, her friends extinguished candles atop baked goods in front of them. The party was taking place over Zoom, a video calling app. Eleanor’s father briefly popped into her screen to take a photo.
Teenagers have jokingly referred to themselves as “Zoomers” online for years; now the name is literal. Overnight, Zoom has become a primary social platform for millions of people, a lot of them high school and college students, as those institutions move to online learning.
But Zoom facing privacy issues allegations-
Zoom is facing a huge privacy and security issues as security experts, privacy advocates, lawmakers, and even the FBI warn that Zoom’s default settings aren’t secure enough. Zoom now risks becoming a victim of its own success.
Zoom has battled security and privacy concerns before. Apple was forced to step in and silently remove Zoom software from Macs last year after a serious security vulnerability let websites hijack Mac cameras. In recent weeks, scrutiny over Zoom’s security practices has intensified, with a lot of the concern focused on its default settings and the mechanisms that make the app so easy to use.
Each Zoom call has a randomly generated ID number between 9 and 11 digits long that’s used by participants to gain access to a meeting. Researchers have found that these meeting IDs are easy to guess and even brute forceable, allowing anyone to get into meetings.
Part of this ease of use has led to the “Zoombombing” phenomenon, where pranksters join Zoom calls and broadcast porn or shock videos. At fault here are Zoom’s default settings which don’t encourage a password to be set for meetings, and allow any participants to share their screen. Zoom adjusted these default settings for education accounts last week, “in an effort to increase security and privacy for meetings.” For everyone else, you’ll need to tweak your Zoom settings to ensure this never happens.
Zoombombing was the first of many recent Zoom security and privacy concerns, though. Zoom was forced to update its iOS app last week to remove code that sent device data to Facebook. Zoom then had to rewrite parts of its privacy policy after it was discovered that users were susceptible to their personal information being used to target ads. User information is also reportedly being leaked because of an issue with how Zoom groups contacts.
A tech website Motherboard also reported that the iOS app shares user data with Facebook.
Some Major Points raised by privacy and security experts-
Zoom bombing
Anyone can “bomb” a public Zoom meeting if they know the meeting number, and then use the file-share photo to post shocking images, or make annoying sounds in the audio. The FBI even warned about it a few days ago.
The host of the Zoom meeting can mute or even kick out troublemakers, but they can come right back with new user IDs.
How to avoid Zoom bombing?
Best way to avoid Zoom bombing is to not share Zoom meeting numbers with anyone but the intended participants. You can also require participants to use a password to log into the meeting.
Windows password stealing
Zoom meetings have side chats in which participants can sent text-based messages and post web links.
But according to Twitter user @_g0dmode and Anglo-American cybersecurity training firm Hacker House, Zoom makes no distinction between regular web addresses and a different kind of remote networking link called a Universal Naming Convention (UNC) path. That leaves Zoom chats vulnerable to attack.
If a malicious Zoom bomber slipped a UNC path to a remote server that he controlled into a Zoom meeting chat, an unwitting participant could click on it.
The participant’s Windows computer would then try to reach out to the hacker’s remote server specified in the path and automatically try to log into it using the user’s Windows username and password.
The hacker could capture the password “hash” and decrypt it, giving him access to the Zoom user’s Windows account.
Solution-
Yuan’s blog post says Zoom has now fixed this problem.
Windows malware injection
The same flaw also lets a hacker insert a UNC path to a remote executable file into a Zoom meeting chatroom.
If a Zoom user running Windows clicks on it, a video posted by Baset showed, the user’s computer will try to load and run the software. The victim will be prompted to authorize the software to run, which will stop some hacking attempts but not all.
Solution-
If the UNC filepath issue is fixed, then this should be as well.
iOS profile sharing-
Zoom sent iOS user profiles to Facebook as part of the “log in with Facebook” feature in the iPhone and iPad Zoom apps.
Solution-
Zoom said it updated the iOS apps to fix this.
There are so many security and privacy issues is with zoom app as per the experts.
But Now Zoom said-
Founder Eric Yuan clarified in his blog that the protocols and processes for implementing features that share data with Facebook were being reviewed by the company.
“Zoom takes its users’ privacy extremely seriously. We would like to share a change that we have made regarding the use of Facebook’s SDK. We originally implemented the Login with the Facebook feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform, therefore we decided to remove the Facebook SDK in our iOS client. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so,
Zoom App alternative-
If you have concern with zoom privacy and security issues you can check out these apps which can be a good alternative of zoom app.
1. FaceTime
Apple’s FaceTime is a perfect alternative to Zoom but it have one major condition that all participants using an apple device.
Facetime have good video and audio quality and sometimes better than zoom.
Unlike Zoom, FaceTime uses end-to-end encryption, which means even Apple doesn’t have the key to view your chats, according to Apple.
2. Signal
Signal is a highly private and secure app. Think of it as a WhatsApp alternative, and like WhatsApp, Signal offers video functionality. As with Apple’s FaceTime, Signal is protected by end-to-end encryption, powered by the open source Signal Protocol.
But as is often the case with highly secure apps such as Signal, it does lack some functionality. Unlike Zoom, Signal doesn’t support group chats.
3. Microsoft Teams
Microsoft Teams is the video meeting choice for businesses using Office 365. It “enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest,” according to Microsoft.
4. Houseparty
Houseparty isn’t super secure, but it’s very functional for casual chats and you can lock it down.
5. Jitsi
Jitsi is my favourite app for video calling and group discussions.
Jitsi is a very cool and secure open source app that’s recently launched to the market. It offers multiple video chatting features, and people joining your chat don’t have to create an account.
All information that leaves your device is encrypted but again, it’s not end-to-end encrypted, and I have found the app can become a little jittery when multiple people join the chat. Still, it’s improving all the time, and is certainly something to try out if you are looking at an alternative to Zoom.
Conclusion –
No video chat apps is perfect, but they can each be used for different purposes.
Facetime is best for apple devices
If you have large number of people you can go with Houseparty
But my personal favourite is Jitsi because it`s an open source secure app.
Some of you can say why I don`t mentioned the `skype’ in the zoom`s alternative but in my personal experience skype needs more powerful internet connection than any other app .
But it’s very stable, supports large group chats, you don’t need an account to use it, and it’s easy to create your own meeting and control who’s allowed in. One caveat though: Although video calls are encrypted, Skype isn’t end-to-end encrypted, so for those super sensitive calls, you are better with an option such as Signal.
You can use zoom but if you have any privacy issues you can use any best alternative app.
But keeping Privacy online in today`s era is very difficult because whenever you sign up for many applications which we all need for our daily works they takes your privacy.
Thanks for reading this article.
Hope you like this article please share this article.
References-
https://www.indiatoday.in/technology/news/story/zoom-becomes-most-downloaded-android-app-in-india-dethrones-whatsapp-tiktok-1661635-2020-03-31
https://www.theverge.com/2020/4/1/21202584/zoom-security-privacy-issues-video-conferencing-software-coronavirus-demand-response
https://www.tomsguide.com/news/zoom-security-privacy-woes
https://www.forbes.com/sites/kateoflahertyuk/2020/04/04/zoom-alternatives-5-options-for-people-who-care-about-security-and-privacy/#720f6ff5371f
Zoom (A video conferencing app) becomes the most-downloaded Android app in India during coronavirus lockdown.
On Google Play Store in India version, Zoom’s Android app was at the top of the charts followed by TikTok, UVideo, Google Pay, Instagram and WhatsApp under the “top free” apps section.
Zoom ( The Silicon Valley-based Startup) is one of the tech companies that has hugely benefitted from the coronavirus pandemic.
With more and more people working from home, Zoom became the sought after app as it specializes in remote working and video conferencing software.
Zoom has been preparing for this moment since the new coronavirus began spreading in China in January.
Its iOS app became the top free download in Apple’s App Store recently.
College students across the country are going on Zoom blind dates.
On Sunday afternoon, Eleanor Dolan (Film director) celebrated her 17th birthday in Minnesota with 20 of her closest friends. They listened to pop music and traded jokes. When the group broke out into “Happy Birthday to You,” Eleanor pulled a slice of cookie cheesecake close in front of her and pretended to blow out the toothpick she had substituted for a candle on top.
Then, she blew lightly on her computer screen. Miles away, her friends extinguished candles atop baked goods in front of them. The party was taking place over Zoom, a video calling app. Eleanor’s father briefly popped into her screen to take a photo.
Teenagers have jokingly referred to themselves as “Zoomers” online for years; now the name is literal. Overnight, Zoom has become a primary social platform for millions of people, a lot of them high school and college students, as those institutions move to online learning.
But Zoom facing privacy issues allegations-
Zoom is facing a huge privacy and security issues as security experts, privacy advocates, lawmakers, and even the FBI warn that Zoom’s default settings aren’t secure enough. Zoom now risks becoming a victim of its own success.
Zoom has battled security and privacy concerns before. Apple was forced to step in and silently remove Zoom software from Macs last year after a serious security vulnerability let websites hijack Mac cameras. In recent weeks, scrutiny over Zoom’s security practices has intensified, with a lot of the concern focused on its default settings and the mechanisms that make the app so easy to use.
Each Zoom call has a randomly generated ID number between 9 and 11 digits long that’s used by participants to gain access to a meeting. Researchers have found that these meeting IDs are easy to guess and even brute forceable, allowing anyone to get into meetings.
Part of this ease of use has led to the “Zoombombing” phenomenon, where pranksters join Zoom calls and broadcast porn or shock videos. At fault here are Zoom’s default settings which don’t encourage a password to be set for meetings, and allow any participants to share their screen. Zoom adjusted these default settings for education accounts last week, “in an effort to increase security and privacy for meetings.” For everyone else, you’ll need to tweak your Zoom settings to ensure this never happens.
Zoombombing was the first of many recent Zoom security and privacy concerns, though. Zoom was forced to update its iOS app last week to remove code that sent device data to Facebook. Zoom then had to rewrite parts of its privacy policy after it was discovered that users were susceptible to their personal information being used to target ads. User information is also reportedly being leaked because of an issue with how Zoom groups contacts.
A tech website Motherboard also reported that the iOS app shares user data with Facebook.
Some Major Points raised by privacy and security experts-
Zoom bombing
Anyone can “bomb” a public Zoom meeting if they know the meeting number, and then use the file-share photo to post shocking images, or make annoying sounds in the audio. The FBI even warned about it a few days ago.
The host of the Zoom meeting can mute or even kick out troublemakers, but they can come right back with new user IDs.
How to avoid Zoom bombing?
Best way to avoid Zoom bombing is to not share Zoom meeting numbers with anyone but the intended participants. You can also require participants to use a password to log into the meeting.
Windows password stealing
Zoom meetings have side chats in which participants can sent text-based messages and post web links.
But according to Twitter user @_g0dmode and Anglo-American cybersecurity training firm Hacker House, Zoom makes no distinction between regular web addresses and a different kind of remote networking link called a Universal Naming Convention (UNC) path. That leaves Zoom chats vulnerable to attack.
If a malicious Zoom bomber slipped a UNC path to a remote server that he controlled into a Zoom meeting chat, an unwitting participant could click on it.
The participant’s Windows computer would then try to reach out to the hacker’s remote server specified in the path and automatically try to log into it using the user’s Windows username and password.
The hacker could capture the password “hash” and decrypt it, giving him access to the Zoom user’s Windows account.
Solution-
Yuan’s blog post says Zoom has now fixed this problem.
Windows malware injection
The same flaw also lets a hacker insert a UNC path to a remote executable file into a Zoom meeting chatroom.
If a Zoom user running Windows clicks on it, a video posted by Baset showed, the user’s computer will try to load and run the software. The victim will be prompted to authorize the software to run, which will stop some hacking attempts but not all.
Solution-
If the UNC filepath issue is fixed, then this should be as well.
iOS profile sharing-
Zoom sent iOS user profiles to Facebook as part of the “log in with Facebook” feature in the iPhone and iPad Zoom apps.
Solution-
Zoom said it updated the iOS apps to fix this.
There are so many security and privacy issues is with zoom app as per the experts.
But Now Zoom said-
Founder Eric Yuan clarified in his blog that the protocols and processes for implementing features that share data with Facebook were being reviewed by the company.
“Zoom takes its users’ privacy extremely seriously. We would like to share a change that we have made regarding the use of Facebook’s SDK. We originally implemented the Login with the Facebook feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform, therefore we decided to remove the Facebook SDK in our iOS client. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so,
Zoom App alternative-
If you have concern with zoom privacy and security issues you can check out these apps which can be a good alternative of zoom app.
1. FaceTime
Apple’s FaceTime is a perfect alternative to Zoom but it have one major condition that all participants using an apple device.
Facetime have good video and audio quality and sometimes better than zoom.
Unlike Zoom, FaceTime uses end-to-end encryption, which means even Apple doesn’t have the key to view your chats, according to Apple.
2. Signal
Signal is a highly private and secure app. Think of it as a WhatsApp alternative, and like WhatsApp, Signal offers video functionality. As with Apple’s FaceTime, Signal is protected by end-to-end encryption, powered by the open source Signal Protocol.
But as is often the case with highly secure apps such as Signal, it does lack some functionality. Unlike Zoom, Signal doesn’t support group chats.
3. Microsoft Teams
Microsoft Teams is the video meeting choice for businesses using Office 365. It “enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest,” according to Microsoft.
4. Houseparty
Houseparty isn’t super secure, but it’s very functional for casual chats and you can lock it down.
5. Jitsi
Jitsi is my favourite app for video calling and group discussions.
Jitsi is a very cool and secure open source app that’s recently launched to the market. It offers multiple video chatting features, and people joining your chat don’t have to create an account.
All information that leaves your device is encrypted but again, it’s not end-to-end encrypted, and I have found the app can become a little jittery when multiple people join the chat. Still, it’s improving all the time, and is certainly something to try out if you are looking at an alternative to Zoom.
Conclusion –
No video chat apps is perfect, but they can each be used for different purposes.
Facetime is best for apple devices
If you have large number of people you can go with Houseparty
But my personal favourite is Jitsi because it`s an open source secure app.
Some of you can say why I don`t mentioned the `skype’ in the zoom`s alternative but in my personal experience skype needs more powerful internet connection than any other app .
But it’s very stable, supports large group chats, you don’t need an account to use it, and it’s easy to create your own meeting and control who’s allowed in. One caveat though: Although video calls are encrypted, Skype isn’t end-to-end encrypted, so for those super sensitive calls, you are better with an option such as Signal.
You can use zoom but if you have any privacy issues you can use any best alternative app.
But keeping Privacy online in today`s era is very difficult because whenever you sign up for many applications which we all need for our daily works they takes your privacy.
Thanks for reading this article.
Hope you like this article please share this article.
