Zoom - Safe and Secure?
“The” go-to for audio and video teleconferencing, Zoom is being used by corporations, non-profits and large gatherings of independent people to meet in the midst of the present social distancing guidelines.
However, is it safe? Can you do anything to make it safer?
According to the FBI, they’ve been shutting down (a lot of) bad actors spamming meetings with vulgar and inappropriate material “drive-by’s” if you will. You’d be wise to rotate your passwords and logins regularly to ensure your meeting (if you’re hosting) isn’t hijacked (or other credentials aren’t either). It’s always a good idea to check “Have I been Pwned”; if you share credentials across sites, and are stolen, they can be weaponized against Zoom too and miscreants can access it…
Likewise, Zoom’s software and infrastructure itself is plagued with security flaws (at the time of this article) making privacy not guaranteed no matter what precautions you take.
I personally have to use it due to some of the organizations I work with have chosen to adopt it, thus, I’m giving what guidance I can regarding matter.
If, you use a Mac like myself, Oversight and KnockKnock are good mitigations against the (Zoom software) security flaws it comes with / can come with. They permit you to monitor activation of your audio and visual pickups on your Mac, and, kernel/extension injection/hijacking respectively. You can get a free copy of both here…
https://objective-see.com/products.html
If you have a Windows machine, the best advice I can give is the usual: make sure Windows is up-to-date, you’re running up-to-date antivirus software, and your copy of Zoom is up-to-date. The same goes for mobile platforms (smartphones): make sure you update your smartphone OS and Zoom app regularly. This is pretty generic advice, but it should be noted both Zoom itself has resolved some of the security issues in their own code recently in updates, and in the past, OS manufacturers (Apple) have taken steps in their updates to protect their users against Zoom abuses so although generic advice, it’s important advice.
At the end of the day you have a choice: avoid Zoom and completely avoid the risks (but also avoiding your organization’s chosen online-meeting medium), use it and do nothing, or, do what you can to reduce the risks and accept the remaining risk. I’m advocating you do what you can, and accept the remaining risk. The same can be said of other problems we have at the moment, for that matter, but that’s another story.
Saturday, May 30, 2020