The online meeting platform Zoom has become a worldwide sensation as everyone is sheltering in place. But porn and racist imagery are popping up in family or school sessions. That’s called Zoombombing. Now big companies like Google are banning Zoom for employee meetings because of the security lapses.
We talk about these security flaws — and how to navigate around them — with NBC tech reporter April Glaser.
Zoom became so popular because it’s easy to use
Glaser says that unlike Skype or Google Hangouts, you don’t need to create an account to join a Zoom session. Instead, you just click a link. You can have a meeting featuring one or multiple presenters, with lots of people watching. Plus, Zoom is free.
“The whole idea of Zoom is this kind of frictionless video chat platform. ... It was just very, very elastic in terms of the type of videoconferencing that it allowed. But it was primarily used by businesses. … Once the pandemic hit, people started using it for everything, from schools to dance classes to family hangouts,” Glaser says.
The start of Zoombombing
“Quickly in March, when so much of our lives started to pour online … go figure, trolls that were online … started finding open links to Zooms that were posted across the internet for classes that were happening … and interrupting those classes with porn, with curse words, with really abusive/vile imagery,” she says.
Many of these interruptions were targeted specifically at the group hosting the meeting, whether it was a Jewish study group or an African American Studies class.
Glaser notes that in early April, the Washington Post found more than 1000 Zoom links and videos that were open across the internet. Users thought these were private links, but that wasn’t the case.
How do Trolls find your Zoom links?
Glaser says if you’re hosting a Zoom class, you might post a link to it on social media. Then those links would be shared in private chats between people looking to harass others.
Glaser says people are now making those links private, and Zoom is implementing a “waiting room” session, where you can see who will join your session before you begin.
She notes that Zoom continues to let people record their sessions. “And so the Washington Post actually found video clips of things like therapy sessions, family talks, children's classrooms that were just kind of being dumped in kind of open buckets.”
What Zoom is doing about the security breaches
Glaser says Zoom has introduced features for moderators, including the waiting room feature. It’s also requiring additional password settings to boost privacy. It’s working on improving security over the next three months or so, and during this time, it won’t be introducing new features.
“This comes after multiple senators have called on the FTC to investigate Zoom. Now we've seen attorneys generals, primarily in New York, start to scrutinize the company. And even federal prosecutors in Michigan warned that Zoom harassment actions could be considered crimes,” Glaser says.
She adds that no company can anticipate the kind of growth that Zoom has had. “Its stock went way up. It went from having about 10 million daily users before the pandemic to 200 million people using the platform every day. … But the company did know that it had some security vulnerabilities long before the pandemic. And part of that was kind of in its effort to be this frictionless video chat tool.”
Glaser says that Zoom prompts itself to download. “Hackers have also started exploiting those prompts to automatically start tricking people into downloading malware onto their computers. ... The ease of Zoom has kind of made us put our guard down quite a bit.”
Should people use a different, more secure platform?
She says Microsoft has seen tremendous growth, and many people are using Google Hangouts.
“These kinds of incumbent legacy technology companies are really well positioned to provide extremely robust security because they've been handling … hundreds of millions of users for so long. They're just not as new a company as Zoom. So we see people going into those,” Glaser says.
However, she notes that the lesson isn’t to turn to Microsoft or Google, but to be aware that much of our lives are now online. “That means that we need to just check our security settings. Just go to the privacy sections of preferences, and make sure that you're locked down.”
— Written by Amy Ta, produced by Angie Perrin