Zoom is being accused of not being safe. As we warned a few days ago, a series of technical problems along with probably bad business decisions is causing a collapse of the company. While it had grown like foam due to confinements throughout the planet, its use is now falling completely. We explain what are the reasons for not using this application to make our video calls.
For these same reasons, employees of NASA, SpaceX and Apple are prohibited from using this video call application, in addition to the FBI itself has recommended not to use it. It has also been banned in New York schools by the Chancellor of the Department of Education.
Interest you | Zoom responds to allegations of lack of privacy and security at a critical time for the video call app
Zoom does not use end-to-end encryption
The main reason not to use Zoom is because it doesn’t use end-to-end encryption. In order for such an application to be completely secure, the conversation must first be encrypted on the device of the user sending the data, and decrypted only on the receiving device. In this way we ensure that it is impossible for someone who intercepts communications to be able to see the content of video calls.
Instead, what Zoom does is apply encryption, but only to the transport layer. In other words, the conversations are encrypted, protecting them from a potential attacker, but not from Zoom itself. But this is not only bad because the content is exposed to the application’s own employees, but also if someone attacked the company’s servers, they would also have access to those calls.
And, if that were not enough, governments would also have the possibility of accessing this data if there was a legal requirement, or at least the US government. This is the main reason why Apple never transfers data from criminals’ iPhones: it is not because they do not want to, but because they do not have the technical means to do so. “We recognize that we can do better with our encryption design,” acknowledges the company itself.
China could access your conversations
And, precisely because of this, China may be monitoring video calls made through the app. This is because 5 of the 73 Zoom servers are located in China. On these servers, encryption keys are generated for video calls, so China would have the right to request these keys since the servers are located in the Asian country.
Anyone can enter unprotected conversations of others
Although it is true that Zoom gives you the possibility that people can only enter your conversation by means of a password, this is not completely necessary and also, it is not viable on all occasions. The case is that each chat has an access code. If someone decided to try their luck and generate those codes randomly until you find a chat that is not password protected, could go into it.
And although we think that the possibility is very remote, in reality it is not so much: Someone entered a Norwegian school video conference naked because they guessed the chat access code. And it is not the only time it has happened, since many schools in the United States have also dropped out for similar situations.
Imagine that you are talking to your family and suddenly someone enters the chat. Or that you are having a professional conversation – say, a job interview – and someone surprises the members. While this is true, This can be avoided by users by applying a password to chats., although this is not always viable, as we said.
Zoom shares your data with Facebook even if you don’t use the social network
Even if you don’t have an account on the social network, if you use the Zoom app for iOS, your data can be shared with Facebook. These data include the time the application starts, the device and location information, and the telephone operator. Based on Motherboard research, this data would be shared in order to generate personalized ads. We cannot find this even in the privacy statement of the application.
Zoom can reveal your Windows login details
If you use Zoom from a Windows computer, Your access data from your computer, in addition to your email and user photo, could be revealed just by clicking on a malicious link. However, this failure is easily solved by simply restricting the application to route network routes.
In addition to this, we found other problems such as Zoom would also share your LinkedIn profile according to the American media The New York Times, in addition to using a proprietary malware trick in macOS to obtain administrator privileges, something that in itself It does not indicate anything bad, but it is not about clean wheat.
From what we see, if you’re really committed to your privacy, Zoom is a nightmare. However, the company has announced that it will not launch new features in the next three months, focusing on fixing all these bugs.