As if times haven’t been difficult enough, businesses are having to deal with new security threats whilst staff work from home, along with some fairly major issues with one of the most popular video conferencing platforms, Zoom.

Since COVID-19 hit and lockdown was enforced, businesses have needed to get savvy about supporting staff who continue to work from home – finding a safe and secure way to connect to keep business running smoothly and effectively – so it’s no surprise that Zoom has seen a huge surge in users in the last few months. And what comes with an increase in users? An increase in potential attacks.

So, is it any surprise to find out that this video chat app has become a target for Zoom bombers and has been hit by privacy issues and some serious security vulnerabilities? A Zoom consultant says:

“Zoom is dealing with some serious safety issues.”

“This creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product.”

These comments were made after Zoom came under some serious pressure to stop Zoom bombers – according to reports, a recent Zoom bomb incident saw a church’s bible class hijacked by uninvited guests sharing child pornography.

What is Zoom bombing?

Zoom bombing or Zoom raiding is an unwanted, disruptive intrusion, generally by Internet trolls and hackers, into a video conference call. In a typical Zoom bombing incident, a teleconferencing session is hijacked by the insertion of material that is lewd, obscene, racist, or antisemitic in nature, typically resulting in the shutdown of the session. The term is associated with and derived from the name of the Zoom videoconferencing software program but it has also been used to refer to the phenomenon on other video conferencing platforms. The term became popularised in 2020 after the COVID-19 pandemic forced many people to stay at home and videoconferencing was used on a large scale by businesses, schools, and social groups.

Zoom bombing has caused significant issues in particular for schools, companies, and organisations worldwide. (Source: Wikipedia)

As a way to respond to the negativity surrounding Zoom’s security, privacy and Zoom bombing issues, their CEO Eric Yuan announced that end-to-end encryption will be available BUT only for paid users of the app. Insane! Why would you offer this standard of encryption at a cost when competitors such as FaceTime (Apple) and Signal offer it for free?

After some research, it becomes apparent why Zoom is doing this. If Zoom becomes end-to-end encrypted, you automatically lose a lot of functionality, because Zoom’s servers can no longer decrypt the meeting content: no more dial-in calls (so no joining a meeting by phone), and you lose other features such as cloud recordings and streaming to YouTube. On top of this, Zoom’s MAIN competitors (Microsoft Teams, BlueJeans, Google Meet, Cisco Webex) don’t have end-to-end encryption.

Zoom itself has tried very hard to stop Zoom bombing through some fairly advanced and high-level security upgrades and its “Report a User” feature, but it still seems to be failing, as Zoom bombers are still actively attacking the app. We think it’s time that Zoom makes some fairly critical decisions before user trust is exploited further.

As a business, are you a Zoom user? Have you experienced any untoward activity on the app?

For information on other video conferencing/chat apps, see our previous blog.