In 2011, Eric Yuan founded Zoom as a way out for professionals to conduct the meetings. When he created the app, it wasn’t meant for a very broad user interface. Though many people mostly professionals used it for business meetings and such, the recent demand grew unexpectedly.
Last year, Zoom witnessed around 10 million Zoom meetings daily. But, after the COVID-19 pandemic, Zoom now successfully holds 200 million meetings every day. The company didn’t expect a sudden rise in the number of users which led to some malfunctioning of the app. The chief executive of Zoom said that they weren’t ready for such a large number of users. This is the main reason why the security system has become vulnerable. But, the company is trying to repair all the glitches at the earliest.
Both parties are facing problems
Before the outbreak of novel coronavirus, Zoom worked fine. The company didn’t see it coming and now it has shaken the security system. After the coronavirus has caused lockdown in almost every part of the world, most people are using zoom. From attending the business meeting to attending college lectures, Zoom is now the platform for every social interaction.
The company needed time to absorb the sudden load. But, it seems to have fallen even though they worked around the clock and tried to keep things together. Eric said that he is extremely sorry and trying to resolve the glitch as soon as possible. And, till then there will be a 90 days freeze for any new features that Zoom planned to release.
Working with a weak security system is not easy. A user’s privacy is also getting compromised which has led to rising allegations against Zoom. Some of the issues that the users are raising are sending user data to Facebook, claiming that the app has end-to-end encryption, etc. The tension has increased even more when Patrick Waddle discovered a major flaw in the app. It has especially made Mac users vulnerable to webcams and microphones.
The introduction of the Automated Tool
Yesterday, security professional, Trent Lo and members of SecKC announced about inventing a program, zWarDial. The program is designed in such a way that it can guess Zoom IDs with a length of 9 to 11 digits. And, IDs of 100 such Zoom meeting can be found within an hour and 2,400 meetings in a single day. Once these IDs are scanned, any relevant information about the meetings will be easily available.
The data will provide information about the date, time, organizer, and topic of the meeting. And, the main reasons why the tool can easily discover these meetings are they aren’t password protected. The developers have put this scenario in front of Zoom asking them to look into the matter. Because there might be high chances that password-by-default is malfunctioning.
But, it is confirmed that zWarDial cannot seek information about the password-protected meetings. So, for the time being, Zoom is requesting every user to password-protect their meetings. Since last year, the company has enabled the feature of the default password unless the admin opts out. If the users want to use their passwords they can go to the Zoom app and do the needful. But, either way, the meetings should be password protected due to the sudden rise in zoombombing, leaking information, etc.
What is Zoombombing?
Zoombombing is referred to as the illegal practice of joining a Zoom meeting without the admin’s permission. The uninvited guests are not only joining the Zoom meetings but also abusing other members, promoting pornography, making racists comments, etc. It is easy for these people to find the links from social media or they just simply guess the 9-digit ID for the meeting. But, this problem doesn’t arise if the meeting is password protected.
Steps were taken to combat it
Eric has taken many steps responding to the rising privacy breach through Zoom meetings. The platform is working to improve its encryption practices and especially remove the code that can share information from the IOS app to Facebook. Eric is also giving priority to the concerning issue for the people using Mac. And, apart from freezing the release of any features for the next 90 days, other steps are taken as well. Such as the company will also prepare a transparency report on data requests and will provide security updates weekly.
Annasha Dey is an NIT student, who apart from studying engineering is also a content writer. She has a great interest in photography, writing, reading novels, and travelling as well. She is a foodie who loves socializing and hanging out with her friends. She is also a trained Kathak dancer and a big fashion enthusiast. Dey also loves watching TV series, which includes F.R.I.E.N.D.S. and Big Bang Theory. To be a better writer she prefers to read more