How secure is Zoom?

In recent weeks we’ve all become home remote workers. And that means we’re relying on video conferencing software like Skype and Zoom. And this has led to concerns about the security of the information being exchanged. Adam Murphy was joined by tech commentator and angel investor Peter Cowley…

Peter - Zoom is one of these many platforms for video conferencing. So as consumers we tend to use FaceTime or Skype or WhatsApp or House Party, the new one that people are talking about. And for businesses tend to use Microsoft Teams and Go To Meetings and and Cisco WebEx. But it also Zoom. Zoom we also use actually privately, I'm going on to a drinks party after this on Zoom with people in various places around Europe. So basically it's people getting together in a single place using audio and video.

Adam - And with all these people together in one place, is it secure?

Peter - As has been reported in the press quite a bit recently, Zoom, which has grown quite rapidly and become very much the dominant player in recent years, is not concentrated quite as much perhaps on privacy as they should. And this is what they've self-declared, it isn't something that I've made up. There's been things like, something called Zoom bombing, which is where somebody suddenly appears on it and says something rude or derogatory or has an image there which they definitely shouldn't be showing. Information has been passed to Facebook. People can join a meeting just knowing the ID and famously the cabinet's Zoom meeting was published on Twitter with the ID on it as well, so that effectively if somebody typed that in, they could have possibly joined that. Email addresses have been lost, etc. The big issue with Zoom is it's what's in the industry is called a very large attack surface. There are probably at any one time, hundreds of thousands of millions of Zoom calls going on. So that means it's quite easy for people to get in. I mean people who are doing naughty things, not you or I of course, get into some of these calls.

Adam - And you mentioned it was passing data to Facebook. What kind of data is passing on?

Peter - I don't know and they seem to have cleared that. So there are a number of things have happened. They've now stopped any new features. I've actually got a Zoom Pro account myself and the number of features there, the settings is phenomenal. So there's more features than probably any of us will use. So what they're doing is basically closing these loopholes, or closing the loopholes that have been found so far. Like any internet giant or any software, really the things that could be leaked are data, of course, I couldn't tell you what Zoom has leaked, if anything has leaked. And also selling, I mean we've been through this before with Cambridge Analytica, haven't we? Here in Cambridge a couple of years ago.

Adam - With all this happening, what can people do to keep themselves safe on Zoom?

Peter - Two or three things which are being introduced and I see that even on this meeting, it's coming up in about an hour's time, passwords. So having a password there. Most meetings you get in, you get a link. If that link leaks, anybody can get into it. But if you've got a lot of participants, and I was on recently one with a hundred, there's no way you can see everybody. Something called waiting rooms or lobbies? So you can't get on immediately. You've got to get into this waiting room and then you're let in by the host. Again, this means they can't come in, they can't Zoom bomb. You should mute your own video and your audio of course where you're not needed. If you're the host, you mustn't allow guest screen-sharing, that way the Zoom bombing can't occur. So there's quite a lot of just good practice that people haven't been doing.

Adam - And then what about our mobile networks and our smart phones and all this? How secure are they in the current situation?

Peter - Well a couple of things there. One is that some countries are actually using the mobile phone networks to do couple of things. One is to contact trace so they can see if somebody's had COVID, who they've been near. And secondly social distancing, because the data is accurate enough they can actually see. So this is very Big Brother-ish and I hope it doesn't get to many other countries like the UK. The other thing you might've seen is that people are somehow blaming 5G for COVID transmission and they've been setting fire to 5G mobile masTs and there's been seven or eight of them here in the UK being set fire too. I really can't see the connection there between how a 5G signal, which is yet another mobile signal, but no different really from the ones we've have been used to for the last 20 or 30 years, and COVID. But they seem to think they are.

Adam - And so you won't be stopping using 5G?

Peter - I certainly won't be stopping using 5G and I won't be stopping using Zoom, but I am very pleased to see that these other facilities like the passwords and the lobbies, things I didn't know about a week ago, which I do now.