FBI Issues Warning About Zoom Security Issues
The FBI has issued a warning that Zoom and other teleconferencing apps may be vulnerable to hijacking. The FBI advises users not to make meetings or classrooms public, to restrict screen-sharing capability, and to use meeting passwords. Zoom has a "waiting room" feature that allows the host to control who is admitted.
Today The Citizen Lab released the results of their examination of the security and privacy features in Zoom (https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/: Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings). Their findings back up the warnings from the FBI and raise several concerns over how encryption is enabled within the application. However, we need to remember that companies are using Zoom, and other conferencing platforms, to enable them to survive through the COVID-19 pandemic, and companies need to do a risk assessment that suits them. For many companies the warnings from the FBI and The Citizen Lab will be an acceptable risk, while for others who may be discussing sensitive data they may not be.
The easy answer is that there are more secure alternatives to Zoom and companies should be providing and recommending those. The real answer is that many employees working at home and their families will be using Zoom for the next few months. Security vendor Check Point recently put good safe-use guidelines for using Zoom at (https://blog.checkpoint.com/2020/03/26/whos-zooming-who-guidelines-on-how-to-use-zoom-safely/: Who's Zooming Who? Guidelines on How to Use Zoom Safely), and SANS has released a secure work-at-home awareness kit at (https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit: SANS Security Awareness Work-from-Home Deployment Kit). Zoom (see item below) has also pledged to make security job one over the next few months - much needed.