As businesses and schools come to a standstill across Australia, both employees and students are being forced to communicate online as working from home becomes the new norm. In the wake of the virus, millions of people are turning to popular video communications apps like Skype and Google Hangouts in order to host important meetings and virtual gatherings as they self-isolate in their homes.
One particular app popular among freelancers and small businesses has seen what appears to be an overnight success: Zoom. In just a few months, the service has gone from around 10 million users per day in December 2019, to roughly 200 million worldwide during the COVID-19 pandemic.
As a result of all this new attention, Zoom is facing a massive privacy and security backlash as lawmakers, privacy advocates, security experts, as well as the FBI have cautioned that its default settings are simply not safe enough.
Regrettably, this isn’t the first time Zoom has faced a class-action lawsuit claiming it shared the personal information of its users without their explicit consent.
Zoom’s Critical Security Vulnerabilities
Last year, security researcher Jonathan Leitschuh disclosed a security vulnerability in the Mac Zoom Client that permitted any webpage to perform a denial-of-service (DoS) attack by repeatedly forcing users into a call.
What’s more, the vulnerability also allowed any website to add a user to a Zoom meeting without their permission. Put differently, if you currently have (or have previously had) the Zoom app installed on your Mac computer, a website could potentially spy on you.
Another well-known vulnerability, “Zoom bombing”, allows hackers to join private calls uninvited, which could reveal private information shared through the call. To prevent this, Zoom updated its app to allow the meeting host to enable Waiting Rooms during a call.
Hosts can also lock meetings once everyone has entered the call to prevent any unwelcome guests. If someone does manage to enter the call, the host can now remove participants and report a suspicious user to Zoom’s Trust & Safety team using the new “Report” button.
Be that as it may, many users still don’t believe this is enough as Zoom’s privacy issues continue to grow.
Zoom’s Privacy Issues Are Growing
In recent months, Zoom Video Communications has leaked the personal information of thousands of users, including private videos, photos, and email addresses.
This occurred due to the “Company Directory” feature that automatically groups users who share the very same email domain. Given that many Zoom users signed up with their personal email address, the app grouped them together with several thousand other users as though they were colleagues working for the same business. In consequence, their private information was exposed to each other, but that isn’t all.
According to an investigation by The Washington Post, thousands of private videos have been stored on the open web, including elementary school classes, business meetings, and one-on-one therapy sessions. The large majority of these private calls contain personal information and private discussions between people in their homes. Others even include nudity.
Zoom Claims It’s Safe for Australian Companies to Use
As a consequence of the latest data leak, legal experts in Australia have encouraged both universities and businesses to proceed with caution when using the video-conference service for online meetings. This comes after a British report found that the private information of Zoom users has been shared with social networking giant Facebook. This information includes their location, device model number, and their unique identifier.
This isn’t the first time Facebook has used personal information for advertising.
As reported by The Daily Telegraph, employees in the United Kingdom using Zoom for meetings could sue their employers if they disagree with how the platform uses their private information. Having said that, under the current Australian laws, employees in Australia may not be able to sue their employers should their personal information be misused.
“We don’t have an equivalent here — we don’t have an act like that which gives people the right to claim damages for the release or misuse of private information and we also don’t have a Human Rights Act which has formed the basis of privacy rights in the UK,” privacy expert and University of Sydney law professor Barbara McDonald said in an interview with The Sydney Morning Herald.
“What we do have here is the common law protection of confidential information, with breaches leading to damages. Some information about employees and students would be confidential. We also have the Privacy Act 1988, which binds Commonwealth agencies and businesses with a turnover of more than $3 million.”
Australian Defence Personnel Have Been Banned From Using Zoom
Despite the recent privacy concerns raised by security experts, Zoom still claims its product is suitable for Australian businesses and agencies. In spite of these claims, Australian defence personnel have been banned from using the video-conferencing platform while working from home in fear that confidential information could be accessed by hostile actors.
With that said, Michael Chetner — Zoom’s head of Australia and Asia Pacific — informed The Sydney Morning Herald and The Age newspaper that its application has undergone strict security testing.
“Our platform was built primarily for enterprise customers; large institutions with full IT support. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data centre layers and confidently selected Zoom for complete deployment,” he said to The Sydney Morning Herald, adding that Zoom has been “working around the clock” to make sure that users can continue running businesses during the ongoing COVID-19 pandemic.
In response to the security vulnerabilities, discipline leader in analysis and information system and senior lecturer in the School of Engineering and Technology, Dr. Ritesh Chugh, cautioned that the company’s growth has led to inadequate data security practices.
For this reason, personal user information may be more vulnerable, which is exactly why Australian residents must understand what they are agreeing to when they sign up for Zoom to work from home.