Is Mindful Leader Still Using Zoom? And Should I Stop Using Zoom?

BL00 - Is Zoom Safe.jpg

By Mo Edjlali

With the impacts of the COVID-19 pandemic, many people have started using the video conferencing tool Zoom. In fact. according to Zoom CEO Eric Yuan's April 1st statement, their user base went from 10 million people in December to 200 million people in March.  

At Mindful Leader, we have been using Zoom extensively for the last few years. You might be hearing some concerning information about Zoom and I wanted to share what we are doing to address this at Mindful Leader and some information for your consideration. 

1) Zoom Video is not encrypted  

Zoom claimed it was end-to-end encrypted, which meant that not even the people working for the platform itself could read chats and hear audio from meetings you host using it. Encryption is a process that ensures your message will only be read by your intended recipient by encoding the information and providing a key for the receiving end to unscramble the information. Zoom actually uses transport encryption, which would allow them to access your data should they choose to. While, according to Forbes, Zoom has emphasized that it does not access or sell information, saying that they were end-to-end encrypted was misleading.   

What we recommend: If you are sharing classified information, or something that a foreign intelligence agency might want, then you should consider an alternative to keep your data end-to-end encrypted. For most people, this is not a concern. 

2) Zoom bombing 

When links are posted publicly and without a waiting room or password, people can enter Zoom meetings, often with bad intentions. With the sudden popularity of Zoom, people are also using algorithms to guess meeting IDs in order to enter meetings. Once in a meeting, Zoom bombers have so far chosen to do various naughty things, including sharing their screen to show explicit or upsetting images and putting links to malware in the chat section.  

What we recommend: You can avoid this by having a password for your meeting, having Zoom generate different links to every meeting, and by having a waiting room where you can screen people before they enter your Zoom room. We recommend making these changes immediately. 

3) Is Zoom Malware?

You might see some headlines about Zoom being malware. Malware is basically malicious (mal) software (ware). Zoom bypasses some OS installation protocols (you might notice on a Mac the Zoom install is not the same as other apps). And less than a year ago there were some issues so severe that Apple froze Zoom

According to The Verge, “This meant the Zoom app was being installed without users providing final consent, thanks to a misleading prompt that automated the install process. The discovery prompted Zoom CEO Eric S. Yuan to respond over Twitter, with a promise to improve the situation. Zoom has now issued a new update that addresses the problems revealed by [software engineer Felix] Seele.” 

The thing that I believe is most concerning is that malware creators have started distributing Zoom client installers bundled with ACTUAL malware such as malicious trojan and adware bundles. You will be fooled to thinking you are installing Zoom and malicious software will piggyback on the installation.  

What we recommend: Download and install Zoom directly from the Zoom website. Install Zoom software updates, keep your OS up to date and if Apple, Microsoft, or Google (the major OS makers) issues guidance on Zoom, follow it. 

4) Zoom privacy 

The Zoom app recently found itself at the business end of a lawsuit for violating California’s new data protection laws. When the IOS version of the app was opened, it would send analytics data to Facebook without informing the user. According to Vice, this data included device model, city, time zone, their phone carrier, and a unique ad id. 

What we recommend: Zoom claims to be addressing this issue, so we will stay tuned.  

Zoom is not going away anytime soon. It's considered to be the best tool for video conferencing by many and this is why it has seen explosive growth. With that growth, more users will become comfortable using Zoom, reducing the learning curve and leading to even faster adaptation, and more people using it.  Zoom is moving quickly to address the security and privacy concerns as was shared in this statement. They will be freezing development and instead focusing on fixes for the next three months. 

Many of our current programs run on Zoom and we are making the following changes to address the issues that could impact our community’s experience.

1) Installing Zoom software updates as soon as they are available. We also encourage all people using our Zoom services to do so as well.

2) Adjusting our default settings 

3) Adding passwords to all our meetings.

4) Urging folks strongly not to publically share Zoom meeting ids or URLs.  

You might consider doing the same things if your organization is also using Zoom. These may seem like small fixes, but they can help keep your meetings safe and professional. We’ll keep a close eye on Zoom and its leadership to ensure that the fixes they promised are delivered and continue to assess if it is the best platform for us and our community to use.

Here are some articles that might be of help: 

Use Zoom? Here Are 7 Essential Steps You Can Take To Secure It: 
https://www.forbes.com/sites/kateoflahertyuk/2020/04/03/use-zoom-here-are-7-essential-steps-you-can-take-to-secure-it/#52a8dc8a7ae1

Zoom Faces Class Action Lawsuit for Sharing Data with Facebook: 
https://www.vice.com/en_us/article/pke4vb/zoom-faces-class-action-lawsuit-for-sharing-data-with-facebook

PSA: Fake Zoom installers being used to distribute malware
https://www.bleepingcomputer.com/news/security/psa-fake-zoom-installers-being-used-to-distribute-malware/

[Update: Zoom responds] Major Zoom vulnerability could allow websites to hijack your Mac’s webcam
https://9to5mac.com/2019/07/09/zoom-vulnerability-mac/

Zoom quickly fixes ‘malware-like’ macOS installer with new update
https://www.theverge.com/2020/4/2/21204648/zoom-macos-installer-update-privacy-security-concerns

Zoom Video CEO talks plans to win back customers trust
https://www.cnbc.com/video/2020/04/06/zoom-video-ceo-talks-plans-to-win-back-customers-trust.html


Mo Edjlali is the president of Mindful Leader. You can learn more about him here.

7 comments

Pamela Showman Apr 7, 2020 12:48pm

Thank you for informing us about this. I will make the changes necessary and hope to be Zooming again shortly

Read more
Read less

You're welcome, Pamela!

Read more
Read less
  Cancel
Mafalda Mendes de Almeida Apr 7, 2020 01:14pm

Thank you for the alert. Its time to be attentive, once Zoom is leading the market.

Read more
Read less

You're welcome, Mafalda! 

Read more
Read less
  Cancel
Bonnie Marks Apr 7, 2020 10:16pm

Thank you for your detailed explanation of the issues. Do you feel that Web-Ex is safer? Thank you,

Bonnie

Read more
Read less
  Cancel

Thank you for sharing this. I'm relatively new to Zoom, so this is great help!

Read more
Read less
  Cancel
Shahan Ahmed Apr 28, 2020 11:19am

Hi

Read more
Read less
  Cancel

Leave a comment