LAS VEGAS (KLAS) — As more and more of the workforce follows social distancing guidelines to prevent the spread of COVID-19, companies are relying on video conferencing to conduct business. With the high usage of virtual meetings, reported hacks have also increased.
One of the popular virtual meeting services, Zoom cloud meeting platform itself went from having 10 million daily users to almost 100 million within 3 months – making it also one of the most vulnerable services out there for hackers.
Hacks on popular cloud meeting platform Zoom are even being termed “Zoom-bombing.”
While many celebrate the advances in technology that make cloud meetings possible, hijackings have led to major security and privacy concerns from platform users.
HOW TO PROTECT YOURSELF:
The FBI recently warned users of teleconference and video meeting software hijackings, stating unidentified users have begun to take over virtual conferences, interrupting them with pornographic imagery, hate speech or threatening language.
The FBI recommends exercising due diligence and caution in cybersecurity efforts.
8 News Now’s Live Producer, Rocky Nash, spoke with Maya Levine, Security Engineer with Check Point Software to gather safety tips you can implement for your next virtual meeting.
Among some of the services the company provides is securing a remote workforce, as well as connection reliability and protecting the remote workforce.
Levine pointed out that both free Zoom accounts and licensed paid accounts have reported being hacked and said it is important users protect themselves by planning ahead and enabling the security features already built into the software.
Updating software as soon as the company releases an update was at the top of her recommendations because each update includes security patches to possible vulnerabilities discovered or reported by other users.
Check Point Software 8 Most Important Safety Tips for Zoom Users:
- Never share your permanent meeting ID on public sites or social media platforms. Only send this nine to ten-digit code to guests who will be participants in your meeting. This ID never changes so if compromised it makes you vulnerable to hacking.
- If you host regular meetings with trusted contacts and must use your permanent Meeting ID, add a password to your meeting an extra layer of security and only forward the email invite and meeting password to trusted sources. Without the password, uninvited guests can’t join
- Allow the Zoom platform to generate a random ID and password for each new meeting.
- Only allow signed-in users to join your meeting. With this feature turned on, unauthorized users won’t be able to join. Participants will have to enter the email address they were invited to the meeting with
- Turn on the waiting room feature to manually screen and accept participants into a meeting
- Keep your Zoom software up to date. With every update, security vulnerabilities that may have been discovered are patched within each new security update
- Manage your participants by muting guests on entry and turning off the ability for participants to share their screen if you will be the only hosting presenter
- Once all invited participants have arrived lock the meeting
Zoom Founder and CEO, Eric Yuan posted the following statement on April 1 regarding changes being made to the platform to add an extra layer of protection for their users:
“March this year, we reached more than 200 million daily meeting participants, both free and paid. We have been working around the clock to ensure that all of our users – new and old, large and small – can stay in touch and operational.
For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.
First, some background: our platform was built primarily for enterprise customers – large institutions with full IT support. These range from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare organizations, and telemedicine practices. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment.
However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.
These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones. We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better, both as a company and for all its users.
We take them extremely seriously. We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future.
But before I lay out how we intend to improve, I want to share what we have done so far… (listed below)
Transparency has always been a core part of our culture. I am committed to being open and honest with you about areas where we are strengthening our platform and areas where users can take steps of their own to best use and protect themselves on the platform.
We welcome your continued questions and encourage you to provide us with feedback – our chief concern, now and always, is making users happy and ensuring that the safety, privacy, and security of our platform is worthy of the trust you all have put in us.
Together, let’s build something that can truly make the world a better place!– Eric S. Yuan, Founder and CEO, ZOOM
Zoom listed further updates made to the platform to enhance security and educate new users on how to best utilize their conferencing platform.
- Training sessions and tutorials, as well as free interactive daily webinars to help familiarize users with Zoom.
- Zoom says they are taking several steps to minimize customer support wait times when they reach out with questions.
Zoom says they are working to actively and quickly address specific issues and questions that have been raised.
- On March 20th, they published a blog post to help users address incidents of harassment, so-called “Zoom-bombing”, on the platform by clarifying the protective features that can help prevent this, such as waiting rooms, passwords, muting controls, and limiting screen sharing.
- On March 27th, they took action to remove the Facebook SDK in iOS client and have reconfigured it to prevent it from collecting unnecessary device information from our users.
- For education users, they:
- Rolled out a guide for administrators on setting up a virtual classroom.
- Set up a guide on how to better secure their virtual classrooms.
- Changed the settings for education users enrolled in our K-12 program so virtual waiting rooms are on by default.
- Changed the settings for education users enrolled in our K-12 program so that teachers by default are the only ones who can share content in class.
- On April 1, they:
- Published a blog to clarify the facts around encryption on our platform – acknowledging and apologizing for the confusion.
- Permanently removed the attendee attention tracker feature. (updated 4/2 to clarify that it’s permanently removed)
- Released fixes for both Mac-related issues raised by Patrick Wardle.
- Released a fix for the UNC link issue.
- Permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature. (updated 4/2 to clarify that it’s permanently removed)
Over the next 90 days, the company states they are committed to dedicating the resources needed to better identify, address, and fix issues proactively. They will begin hosting a weekly webinar on Wednesdays at 10 a.m. PST to provide privacy and security updates to our community.
For a quick reminder of tips to implement to protect your next Zoom meeting, please view the short video clip below.
Since this interview, Zoom released the following update, effective immediately:
- Starting April 4th, Zoom has chosen to enable passwords on meetings and turn on “waiting rooms” by default as additional security enhancements to protect your privacy. (The waiting room is a virtual staging area that prevents people from joining a meeting until the host is ready.)
Check Point Software provides businesses of all sizes with the ability to ensure best-in-class connectivity and security, allowing your workforce to remain as productive as possible with the latest data and network security protection.