Thursday, 16 April 2020

Zoom is a video calling tool. The company was started by Eric Yuan in 2011, and the solution was launched in 2013. You have probably attended a Zoom class too.
Since the lockdown began, many more people started using Zoom for their video calls. This included company meetings, governments giving information to media, and of course, online classes. The users of Zoom went from 15 million to 200 million in a matter of days.
However, very soon, people started noticing that some uninvited members were in the meetings. This is called Zoombombing.
This made people realise that Zoom is not completely safe.
March 31st: How Trouble Began
In 2019, some problems were found with security on the Zoom platform. The company moved to fix those.

But on March 31st, Zoom was sued by a user in a class action suit when the user realised that Zoom was sharing information with Facebook without informing users. Motherboard was the research company that found that this was happening.


What is a Class Action Suit?
Some of you must have seen the movie, Erin Brockovich. In this movie, a lady realises that a gas company is poisoning the groundwater. She then files a case on behalf of the entire community, and wins. This is a class action suit. In short, when one person fights on behalf of an entire group (class) of people, it is called a class action suit.
Why do companies not like Class Action Suits?
Let’s think about why a company would not like class action suits. I have two guesses:
  1. A class action suit means that the company hurt a LOT of people, not just one or two.
  2. The penalty is typically much, much higher in a class action suit. For instance, if there are 300 people in a class, and the court gives damages of 1 million each, that is 300 million for the company. In the real Erin Brockovich case, the damages were $333 million for 634 people.

April 3rd: Data routed through China: Countries and Companies advise staff to not use Zoom

On April 3rd, another security research firm, Citizen Lab, figured out that some Zoom chats were being routed through servers based in China. Now, China has a strange law. The Chinese government can ask to read any content on any server in China.
Not only that, according to local laws, any calls that start in North America, Australia, or Europe MUST use a server in the same country. This requirement, of keeping our data in our own location, is called geofencing. By routing calls through servers in China, Zoom was breaking the law in all these places.
Immediately, Taiwan banned the use of Zoom. And they were not alone. SpaceX had already banned Zoom, and at the time of going to press, we know of at least 10 other companies that have done the same thing.

April 5th: Passwords mandatory for all meetings
On April 5th, Zoom made it necessary for anyone entering a meeting to type a password. This was to reduce zoombombing.

April 7th: Another Class Action Suit
On this day, an investor filed a second class action suit against Zoom. This time, it was for all the shareholders.
The thing is, Zoom said that it is end-to-end encrypted. Which means that what you say or share on Zoom cannot be hacked. Turns out, it was not.
The shareholders, led by Michael Drieu, thought that was not right, and that they had been lied to.

April 8th: The announcement of Alex Stamos and the Singapore Incident
Finally, on April 8th, Zoom announced that it had created a specialist panel for security. This panel includes Alex Stamos. Alex was the head of security and privacy at Facebook. He is well known and well respected in the community. Zoom believed that this would help.
Unfortunately, on the same day, in Singapore, a zoombomber showed bad pictures to students who were attending an online class.

April 9th: Zoom creates new ‘Security’ tab
This will be available to meeting hosts and co-hosts. Using this, the hosts can:
  1. Lock the meeting: No one else can enter the meeting.
  2. Remove Participants: Anyone who is not a valid participant or a disruptive person.
  3. Stop participants from sharing screens, videos, etc.

April 10th: Singapore bans Zoom for all online classrooms
On April 10th, Singapore joined Germany, Malaysia, and Taiwan in placing restrictions on the use of Zoom. Zoom was banned for all online learning in schools.
They were not alone. By this time, Google, Microsoft, and others had advised their employees against the use of Zoom.

April 13th: The US Military cannot use Zoom any more
On April 13th, the US Military joined the growing number of organisations who cannot use Zoom any more.

April 14th: 500,000 Zoom account details for sale, some for free
People who love to hack also love getting other people’s passwords. As we have explained earlier in our editions, there is a market where people sell these stolen passwords. Security firm Cyble reported that it has found 500,000 accounts for sale online. Some of them are being sold for free, and others are for as little as 15 paise per record.
The security company called up over 240 people and confirmed that the password details were right.

April 15th: Zoom Security Practices
Here are some security practices that you should use while using Zoom.
  1. The no. 1 reason that people are able to do Zoombombing easily is that people share the meeting URL with their friends. Please don’t do this. (URL: The web address of every page on the internet. It is what you type in your browser to reach that page. It stands for Uniform Resource Locator.)
  2. If you are the host, you can lock the meeting after all the attendees have joined. This new security feature will ensure that no one can disrupt the meeting.
  3. Keep the app updated. Zoom is likely to move fast on security and keeping the app updated will ensure that we have all the security features that we need.
Well, that was our story on Zoom. We hope you enjoyed reading it. 
