Are there hidden dangers in the Zoom boom?

Are there hidden dangers in the Zoom boom? From publicans to Pilates teachers and even the Prime Minister, millions are now using the video calling app Zoom. But there are fears over how it uses your data, writes RICHARD PENDLEBURY

Along with millions of people around the world, Boris Johnson likes to Zoom. 

On Tuesday our Covid-19 stricken, self-isolating Prime Minister posted a photograph on Twitter showing a cabinet meeting he had conducted remotely, using Zoom, the video conferencing application.

There on his desktop computer screen were all the senior members of his government — Dominic Raab, Priti Patel, Matt Hancock et al. — peering back at him from their home studies. It looked a little like a Westminster version of Celebrity Squares.

Mr Johnson was only following the example of private citizens, businesses, schools and institutions globally who have signed up to Zoom since the start of social-distancing due to the coronavirus crisis.

Along with millions of people around the world, Boris Johnson likes to Zoom, writes Richard Pendlebury

Can’t meet your personal trainer or go to gym class? Don’t worry, there will be a workout or Pilates session somewhere out there on Zoom, which you will be able to watch and take part in from home, via your phone or computer.

Miss your local pub’s Monday night quiz? It’s okay, the landlord has used Zoom to project it into cyberspace.

Zoom is a cloud-based video conferencing service that virtually connects people either via video or audio calls. It can be used on both your desktop and smartphone for your convenience. 

Once you’ve created an account using your email, you’re good to go. Each meeting has a special, unique code which the host can use to invite others to join the ‘Zoom room’.

Zoom is the pandemic business phenomenon. It was founded in 2011 by the Chinese-born software engineer Eric Yuan. Growth has been steady until recently when it went crazy. 

With only one quarter of 2020 gone, the application has already attracted more sign-ups this year than it did for all of 2019 — and has been downloaded more than 50 million times on the Google App store alone.

The app-tracking firm Apptopia said Zoom was downloaded 2.13 million times worldwide on 23 March, the day lockdown began in the UK — up from 56,000 a day two months earlier.

There on his desktop computer screen were all the senior members of his government

The latest figures from the United States suggest that average Zoom user numbers were nearly three times those of its closest Microsoft-owned rival, Teams.

Zoom’s share price has doubled since the end of January while much of the rest of the Wall Street stock market has tanked because of lockdown. It is now worth a huge $38.5 billion (£31.1 billion).

Yet for most of us casual users the app remains free. You can chat or hold a meeting with up to 100 users for 40 minutes without paying Mr Yuan a penny. He has even raised that time limit for schools in the UK, Canada and Germany, so that teaching can continue.

If that’s no good for you, you’ll have to sign up for one of the paid plans on offer. Pricing starts from £11.99 per month per host, and includes perks such as recording meetings and customer support.

But there is a catch; a cloud spreading across Zoom’s otherwise brilliant horizons. Yes, Zoom is bringing us together in these unprecedented circumstances. But at what cost to our computer security and privacy?

When it was revealed last week that Number 10 was using Zoom, shock was expressed by some in the cyber security world, thanks to a number of issues and allegations that have arisen recently.

Last month, Ministry of Defence employees were warned that Zoom use was being suspended while ‘security implications that come with it’ were investigated. A decision will soon be made on whether or not to continue.

A source told the Press Association: ‘It is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive government meeting like that of the Prime Minister’s cabinet is being conducted over it.’

Dr Andrew Dwyer, a cyber security expert at the University of Bristol, tweeted: ‘This is not okay. I doubt the National Cyber Security Centre would be happy, if not mortified, by this.’

Such worries about Zoom’s security are echoed in America. On Monday, the New York attorney general’s office wrote to Zoom to express ‘concerns that the app’s security measures might not be sufficient for its increased traffic.’ 

So what are the issues surrounding the world’s most popular self-isolation-beating tool?

Zoom is a cloud-based video conferencing service that virtually connects people either via video or audio calls (stock image)

So-called ‘Zoom-bombing’ is one of the more colourful problems. Indeed, there have been ‘multiple’ reported instances of hackers attempting to disrupt video conference meetings. On Monday the FBI said that two schools in Massachusetts had been victims of Zoom-bombing last month.

One hacker dialled into a high school class conducted using Zoom and ‘yelled a profanity and then shouted the teacher’s home address,’ the FBI said.

In another incident, someone accessed a Zoom meeting and showed swastikas on a video.

Such disruption is easy when a link with an invitation to a meeting is publicised on social media.

The video conferences can be protected by a unique password number, known only to those invited to join. Of course this can be circumvented if the password is also put onto social media.

This happened with the photograph of Boris Johnson’s Zoom meeting, where the password ID number can be seen in the top left hand corner of his screen. By then however, the meeting was over.

Other security measures, such as locking the meeting once it starts, and only allowing the host to control screen sharing, should further prevent hacking.

But questions have also been asked about personal privacy within even a secure, work-related Zoom meeting.

The tool has an ‘attendee attention tracker’ device, which allows ‘the host’ — your boss perhaps — to monitor whether you are fully focused on the Zoom meeting.

So if, for more than 30 seconds, you look at a different computer page, Big Brother — or Sister — will be made aware through an on screen indicator. You have ceased to be ‘in focus’, to use the Zoom jargon. This is regardless of whether you are taking notes or checking your email.

Zoom has also been accused of data collection and sharing abuses. This week a class action was launched against the company for sending data on to Facebook. 

The lawsuit argues that Zoom violated California’s new data protection law by not obtaining proper consent from users about the transfer of the data.

The company has been accused of collecting data and sharing personal details with third parties. Yet in the ‘privacy’ section of the Zoom website, it is stated: ‘We do not sell your data.’

Further down, though, the assurance is fudged. ‘Zoom does use certain standard advertising tools on our marketing sites which, provided you have allowed it in your cookie [information from previous web searches] preferences, sends personal data to the tool providers, such as Google,’ it states.

‘This is not a ‘sale’ of your data in the sense that most of us use the word sale. However, California’s CCPA law has a very broad definition of ‘sale’. Under that definition, when Zoom uses the tools to send the personal data to the third-party tool providers, it may be considered a ‘sale’.’

Further brickbats were hurled last year when it was revealed that a software glitch potentially allowed ‘malicious websites to take over your Mac’s camera without ever alerting you’. This was fixed by Zoom engineers.

Meanwhile, the UK’s National Cyber Security Centre (NCSC) has pronounced that there is no security reason for Zoom not to be used for conversations ‘below a certain classification’. Zoom has responded with a strong defence.

‘Globally, 2,000 institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare and telemedicine practices have done exhaustive security reviews of our user, network and data centre layers confidently selecting Zoom for complete deployment,’ a statement said.

Those titans are now being joined by you, me and millions of others. Let’s hope that the Kremlin, Beijing or some hacker are not listening in. 

Source: Read Full Article