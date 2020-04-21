Left Menu
Development News Edition

EXPLAINER-Zoom bombs make choosing video apps harder for lockdown chats (April 20)

Reuters | Updated: 21-04-2020 19:18 IST | Created: 21-04-2020 19:18 IST
EXPLAINER-Zoom bombs make choosing video apps harder for lockdown chats (April 20)

The coronavirus crisis has seen millions locked in their homes turn to videoconferencing apps, bringing with it question marks over security and privacy and a new verb - Zoombombing - the practice of uninvited users crashing into conversations. From easy-access models for schoolkids and casual users like House Party, Google Hangouts or Zoom to Cisco's business-focused Webex, Microsoft's Teams or San Jose-based BlueJeans, the value and profile of these apps has soared.

But which one would you choose and what are the risks? WHAT CAN GO WRONG?

There have been two big social media-inspired scares since lockdowns and social distancing became widespread. People started uninstalling Houseparty in late March after messages on discussion boards and social media claimed that other apps on phones had been hacked after downloading its social chat platform.

The company denied the claims and offered a reward of $1 million for evidence of what it said was a smear campaign. Zoom, which has soared to 200 million daily users from 10 million in less than three months, had multiple reports of "zoombombing", where strangers barge into private calls having gained access to an invite or meeting number.

Underlying many of the issues is the fact that Zoom has not merely become more popular; with the world under lockdown, Zoom has transformed from a business-oriented teleconferencing tool to global video hangout. "Now Zoom is being used in situations where you invite strangers into video chat," said former Facebook Inc Chief Security Officer Alex Stamos, who now works with Zoom as an outside consultant. "That's a big change."

This has snowballed into a bigger problem as security researchers found bugs in codes, user data sharing with Facebook, lack of end-to-end encryption and routing of some traffic through China. Stamos said the changes meant the company had to think about privacy and security differently.

ARE THE THREATS REAL? Security researchers draw a distinction between apps aimed at social interaction and ordinary consumers and those intended to keep communications private for a big corporation or a bank.

They say that most "zoombombing" incidents could have been avoided if meeting hosts had taken simple steps like requiring a password to join the chat and keeping invites to tighter groups. Zoom has since updated https://blog.zoom.us/wordpress/2020/04/08/zoom-product-updates-new-security-toolbar-icon-for-hosts-meeting-id-hidden its software and given hosts the ability to lock meetings, restrict what attendees can do and remove participants. It advises hosts to approve each participant before they join a particular chat and has removed https://blog.zoom.us/wordpress/2020/03/27/zoom-use-of-facebook-sdk-in-ios-client Facebook's access to data.

"The flaws are serious, make no mistake, but not unique or special in any way," said another well-known cyber security researcher, Daniel Cuthbert. "But Zoom acted quickly and fixed the issues, which is not the norm in my experience and this should be applauded." For corporate customers, however, the issue of encryption and who keeps records or can listen to your calls is more important, be it to safeguard valuable company information, or meet privacy obligations to customers.

Zoom has brought in top industry figures to work on security and has already taken steps to allow users to rule out data passing through China, but it has also had to admit that it misled customers by saying earlier that its conversations were encrypted from end to end. Researchers say this may have been at the heart of a number of the bans on the app implemented by corporations and governments in the past month.

"While the average user talking about their daily activities with their family over Zoom are probably fine, I would recommend sticking with the platforms created by more mature companies," said Patrick Wardle, a security researcher with software company Jamf, who found two undisclosed flaws in the platform. A spokesman for Zoom, which has since patched those and other previously undiscovered flaws, said that big companies and government agencies globally have done exhaustive security reviews of its platform and many continue to use Zoom.

HOW DO THE APPS MEASURE UP ON ENCRYPTION? Some companies offer https://help.webex.com/en-us/WBX44739/What-Does-End-to-End-Encryption-Do end-to-end encryption as an option but when it is enabled several features such as saving session data, call transcripts, call recording and calling from landlines are not supported.

Cisco, which says it had 324 million attendees https://in.reuters.com/article/uk-cisco-systems-webex/ciscos-webex-draws-record-324-million-users-in-march-idINKBN21L2TJ in March, said its Webex sessions were encrypted. "We don't go and take your data or transcribe what you are saying, and we don't sell your data to ad agencies. This is a proper tool for secure communication," said Cisco senior vice president Jonathan Davidson.

Microsoft Teams, with 44 millions users https://www.reuters.com/article/us-microsoft-tech/remote-work-during-coronavirus-outbreak-puts-millions-more-on-microsoft-teams-idUSKBN21629D, and BlueJeans, which has 15,000 enterprise clients https://in.reuters.com/article/bluejeans-m-a-verizon/verizon-snaps-up-zoom-rival-bluejeans-for-less-than-500-million-idINKCN21Y1ZB, also offer encryption options on their platforms. Symphony Communication, a messaging service backed by big banks, is planning an early summer launch of a video conferencing platform featuring end-to-end encryption, Chief Executive Officer David Gurle said.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)

Download The Devdiscourse News App for Latest News.

TRENDING

Tom and Jerry director Gene Deitch dies at the age of 95

Bombay High Court decides to cancel its summer vacation from May 7 to June 7 if coronavirus-induced lockdown is lifted on May 3.

BLACKPINK’s Lisa releases new dance cover on her YouTube channel 'Lilifilm Official'

The Curse of Oak Island Season 7 episode 22 synopsis revealed, team reaches new depths in finding Money Pit

OPINION / BLOG / INTERVIEW

Lockdown data to guide policy formulation post-COVID 19

US Center for Disease Control CDS has invited applications for the first-ever Chief Data Officer. This is enough to indicate the importance of data analytics in the post-pandemic world. However, given the huge amount of data being generated...

Videos

Latest News

Anand to lead Indian challenge in Online Nations Cup chess tourney

Former world champion Viswanathan Anand will lead the Indian challenge in the Online Nations Cup, a team competition to be held from May 5 to 10. The International Chess Federation FIDE and Chess.com announced the Online Nations Cup which w...

Athletics-U.S. Olympics trials rescheduled for June 2021 in Eugene, Oregon

The postponed U.S. Olympic track and field trials have been rescheduled for June 18-27, 2021 in Eugene, Oregon, USA Track and Field USATF announced on Tuesday.The trials, to be held in a new stadium, originally had been planned for mid-June...

After Surjewala, Hooda alleges mismanagement in wheat procurement by Haryana govt

Former Haryana chief minister Bhupinder Singh Hooda on Tuesday expressed concern over alleged mismanagement of wheat procurement in the state. The government has continued to claim that it was ready for the purchase. But when farmers brou...

UP govt directs schools not to charge transportation fee for lockdown period

The Uttar Pradesh government has directed schools in the state not to charge transportation fee from students for the lockdown periodThe government said Secondary Education Principal Secretary Aradhana Shukla directed all district magistrat...
Give Feedback
Subscribe to our Newsletter  

SECTORS

EDITIONS

OTHER LINKS

OTHER PRODUCTS

CONNECT

Devdiscourse

Email: info@devdiscourse.com
Phone: +91-130-6444012, +91-7027739813, 14, 15

VisionRI | Disclaimer | Terms of use | Privacy Policy

© Copyright 2020