How Zoom Security is Evolving
In the current era of the COVID-19 pandemic and remote learning, Zoom video conferencing software is commonly used by schools, religious organizations, clubs and more. But is Zoom really safe and secure? The video conferencing software has faced much scrutiny and had to make many security updates in the past few months to accommodate the influx of users due to life being moved online.
In its most recent security update, Zoom stated that “starting Sept. 27, Zoom will require that all meetings have a Passcode or a Waiting Room enabled for accounts with a single licensed user, Pro accounts with 2 or more licenses and Business accounts with 10-100 licenses.” This is to ensure that all meetings are protected against hackers and other users who are trying to “Zoom bomb” these meetings. Most recently, Zoom added two-factor authentication as an account security option, giving users the power to keep their accounts safe from other entities coming into their meetings and taking over.
So what data does Zoom collect? Zoom’s official security and privacy website states that they collect meeting participants’ basic technical information, such as the user’s IP address, OS details and device details, as well as basic information including email address, user password and first and last name.
Zoom is certified in security and privacy by SOC 2 (Type II), FedRAMP (Moderate), GDPR, CCPA, COPPA and is FERPA and HIPAA compliant (with BAA). Zoom’s security controls also align with the UK National Cyber Security Centre’s (NCSC) cloud security principles. They have never and do not have any future intentions to sell information to advertisers or to monitor meetings and their content. Account admins or meeting hosts can also require that all recordings of meetings are accompanied by a pop-up notice to attendees that a recording is taking place, and there is a visual indicator when recording is on. This allows people who do not consent for recording to leave these meetings as soon as they join.
The Zoom web interface was out of commission for a few days back in April 2020 to fix a very serious security flaw that could have let anyone join a private Zoom meeting. British security researcher Tom Anthony detailed on his blog how he found that he could make endless random guesses on the six-digit PINs that Zoom assigns to private meetings. That's close to a million possibilities to go through, which might be tough for a human, but isn't hard for a PC running multiple threads of code to try and crack into the system. Zoom saw this information and has since added more security options for meetings such as the aforementioned two-factor authentication and passwords.
Zoom as a company has been working every day to make its software more secure and private. Their dedication to fixing problems quickly and protecting users’ privacy throughout the recent months have proven their ability as a company to succeed despite the many obstacles they have faced since quarantine started in March. They are trying their best to make sure students learn effectively and that their software is used in the safest way possible.
By Freya Dahlgren, Contributing Writer