If you use Zoom, you need to know this: “major security issues” – experts say
Zoom is an application that has gained immense popularity in the last month. Isolation at home and work from home have made people become loyal users. As the number of users increased, so were the problems.
The National Cyber Security Incident Response Center (CERT-RO) has made a list of issues already reported about Zoom. Despite its popularity, and its existence on the market since 2011, the app still has things to go.
When a person initiates a video conference and plays the role of host, they have the option of activating the option to watch the attention of the other participants, receiving notifications if they do not pay attention to the screen for more than 30 seconds.
Regardless of whether users read the email, work on a file, report or are not careful and do other activities on the Internet, the video call host receives a notification about it.
The problem is that the participants do not receive a notification indicating that this process is active and, as a result, they do not agree to follow their activity in this way.
At the same time, it is good to know that the conference host can record the call. In addition, Zoom saves a .TXT file for chat messages from this online video meeting. According to its support page on this topic, the saved chat will only include messages from the host and spearkers to all participants.
According to the privacy policies, Zoom collects information about users, personal information such as name, address, email address, telephone number, job title, employer. Even if you do not create a Zoom account and connect to another service, the application will still collect information such as the type of device used and the IP address.
Security experts have recently identified that Zoom incorrectly distributed information to Facebook.
Specifically, the Zoom app on iOS used a development kit (SDK) used for authentication through the Facebook account, which has been shown to report information to the social network, even if the user does not authenticate through the Facebook account.
In 2019, a cyber security consultant discovered that Zoom created a local web server on a user’s Mac device, which allowed Zoom to bypass security features in Safari 12 web browser.
This web server was not mentioned in any official Zoom documentation and was used to bypass the activation of a pop-up window, which Safari 12 displayed before turning on the device’s camera.
Unfortunately, this remote web server was not properly secured.