After two weeks of privacy scandals, news of “Zoom bombing” and user data being sent to China, it’s ... [+]
It’s easy to feel sorry for Zoom. After two weeks of privacy scandals, news of “Zoom bombing” and user data being sent to China, it’s now emerged that thousands of Zoom videos are available online for anyone to see.
The videos include sensitive chats such as business meetings and sessions with therapists–and even nudity, the Washington Post reported. It’s a shocking revelation, so how on earth has this happened?
Unsecured cloud storage left Zoom videos exposed
It appears the Zoom videos, which were recorded through the app’s software, were saved to a storage space that wasn’t protected by a password. The recorded videos can be found by anyone searching online due to the way they were named by Zoom. The security researcher who found the issue, Patrick Jackson, found 15,000 examples when he scanned the unsecured cloud storage.
Zoom allows users who pay for the service to record meetings and save them to its own cloud service. These aren’t affected–rather, it’s videos saved to a person’s computer and then uploaded to a non-Zoom cloud service. When these services are left open, anyone can download the meetings–which themselves are easily searchable because they all have the same file name.
Now, you might think that Zoom isn’t at fault for this–surely it can’t help what people are doing when not using its own cloud service? Not exactly: Part of the problem is caused by the fact that Zoom does not force you to create a unique file name when saving videos. This is an issue that needs to be sorted out pretty quickly.
A Zoom spokesperson emailed me a statement, which reads: “Zoom notifies participants when a host chooses to record a meeting, and provides a safe and secure way for hosts to store recordings. Zoom meetings are only recorded at the host’s choice either locally on the host’s machine or in the Zoom cloud.
“Should hosts later choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants' reasonable expectations.”
What Zoom users should do
So, after this latest security snafu, what should Zoom users do? It’s a difficult question, and unfortunately one that doesn’t have a straight answer. Lots of people need to use Zoom–it’s a highly functional platform–and if your boss, teacher or therapist uses it, you are at their mercy.
That’s why I wrote an article about how to secure Zoom as much as possible.
I wouldn’t recommend Zoom for sensitive chats, it’s better to use a more secure alternative such as Signal, or FaceTime.
“If you are using a video conferencing platform for anything sensitive such as therapy, privacy and security should be your first thought,” says ESET cybersecurity specialist Jake Moore.
He points out that Zoom has recently added many such features and the password function is now enabled default.
Zoom has seen a surge in user numbers over the past few months as COVID-19 left half the world working from home. The firm is trying to do better, but it’s important to try and take control of your own security and privacy too.
