News Zoom privacy and security issues: Here's everything that's wrong (so far)

Status
Not open for further replies.
Apr 3, 2020
Helpful article, if a bit generous in assuming Zoom's good intentions and dedication to fixing its glaring flaws. How about the hidden webserver that Zoom installed with its application that allowed remote access to the camera and did not uninstall with the rest of the app? Their explanation was that it was a feature, not a bug... Truly disgraceful.

Also, I'm stuck on some language in the article: What does it mean that Hacker House is an "Anglo-American" cybersecurity training firm? Nobody at my office has been able to figure that one out.
 
Apr 6, 2020
Agree with you. Also, as "globalist embracing" as all of us tend (and somewhat need) to be in the global technology industry, we have to be cautious when it comes to security, especially at a time that a virus - COVID-19 (more properly originally named the Wuhan Virus for its point of origin) became a pandemic and is economically damaging the global economy including our industries.

Zoom disclosed in their original IPO prospectus that most of their product development personnel are based in China. Zoom employs over 500 people across multiple R&D centers in China, which accounts for roughly 30 percent of its total workforce and 70 percent of its non-US-based employees, according to the prospectus. We all know that our Intellectual Property is constantly under attack and being stolen by China. NO ONE DENIES THIS!

Here we have a company delivering the most popular video conferencing service to U.S. corporations and personal users and we are expected to trust that 500 of their developers in China are not part of the Chinese state government? Sorry folks. Something REALLY STINKS HERE! Be wise, be safe. Choose another provider.

Mr. Yuan has a lot more than some "mea culpa" interviews to do to clean up this mess! And perhaps a higher law enforcement authority (DOJ?) than the State of New York should be looking into these concerns.
 
Apr 7, 2020
My organization has discussed moving to Microsoft Teams. Would be interested in a comparison between Teams and Skype and a comparison between Zoom and Teams.
 
Apr 8, 2020
On "Zoombombing" or, as you refer to it, "War Driving" conference meetings: This is possible on ANY conference facility that doesn't have a password set. That means WebEx, Amazon Chime, AT&T, GlobalMeet... ANY conference that you define and set up without a password. There is an admin console option to enforce this setup in Zoom.

Zoom chats are encrypted as long as you configure encryption. This is not true of other chat-enabled conference tools that I know of, such as WebEx's Teams or MS Teams, with which you can get chat data relatively easily in unencrypted form.

Sharing of personal data. The policy was updated to clarify. Let's be clear here, policy does not stop anyone sharing or selling your data. Nobody reads these things either. That's been proven time and again.
 

PaulWagenseil

Prominent
Mar 27, 2020
Helpful article, if a bit generous in assuming Zoom's good intentions and dedication to fixing its glaring flaws. How about the hidden webserver that Zoom installed with its application that allowed remote access to the camera and did not uninstall with the rest of the app? Their explanation was that it was a feature, not a bug... Truly disgraceful.

Also, I'm stuck on some language in the article: What does it mean that Hacker House is an "Anglo-American" cybersecurity training firm? Nobody at my office has been able to figure that one out.

The hidden web server on Macs was indeed pretty ridiculous, but we didn't include it here because it was discovered and patched in June 2019, and we're trying to focus on Zoom's current problems. Here's more about the Mac web server: https://www.tomsguide.com/news/ever-used-zoom-your-mac-can-be-spied-on-right-now

Hacker House seems to be run and staffed in both the U.S. and the U.K., hence "Anglo-American."
 

PaulWagenseil

Prominent
Mar 27, 2020
My organization has discussed moving to Microsoft Teams. Would be interested in a comparison between Teams and Skype and a comparison between Zoom and Teams.

We haven't examined Teams much, because it's geared towards enterprises (including schools), not consumers, and there's no free tier. But we compare it and several other video-conferencing platforms with Zoom here: https://www.tomsguide.com/news/best-zoom-alternatives
 
Apr 13, 2020
My biggest issue with Zoom at the moment is that the permissions you set in the settings of the host account seem to be more like suggestions. Even yesterday, the meeting I set up had private chat enabled when it has been disabled in my settings for the past few weeks. "Use Personal Meeting ID" for scheduling a meeting has been turned off, yet it is still an option. The only time I saw it off was when I created a new account a week ago and it was off by default. I turn it on and off again and it has been available ever since.

The most concerning thing I have seen is when my free account managed to pull the profile settings of the host account. I managed to pull its profile pic and was able to bypass the waiting room. I have my main workstation I use to do my work on and a second workstation I'm using to stream. I signed in with the host account to verify the settings on the main computer, signed out and logged back in with it on the hosty computer. I then signed in with my free account after and it had the host profile picture and was able to join the meeting without the waiting room. My virtual machines still were caught in the waiting room.

I have had an impossible time verifying settings when testing is inconsistent.
 

rjfoster03

Honorable
Jul 4, 2014
One thing that needs to be added to the list is ZOOM's billing practices and poor customer support. ZOOM collects money for annual subscriptions, sends an invoice to show that the subscription has been paid, but fails to move the subscriber into the subscription plan they paid to have.

ZOOM handles this by having you call into Billing, wait 22 1/2 minutes on hold listening to an obnoxious piano melody, only to tell you to wait for another 22 1/2 minutes. Once speaking with the answering service, they fail to contact you or resolve the issue.

It's a great way to make money. Collect money online, provide a way for those that are having an issue with no real way to get the issue resolved, and continue with their business as usual.
 