With great popularity comes great responsibility. Such is the case with Zoom - an extremely popular video conferencing app. There has been an exponential rise in the use of video conferencing apps due to the COVID-19 pandemic as most people are working from home. However, it is the need of the hour for Zoom to put in place proper security measures.
What is happening
A new Zoom phishing campaign was launched at the end of April. In this campaign, recipients were asked to join a meeting, threatening them that their employment contracts will be suspended or terminated due to the pandemic. The campaign mainly targets employees using Office 365 and more than 50,000 people have been targeted.
What Zoom is doing
- With the latest Zoom security update, admins will be able to disable Personal Meeting IDs (PMI). This feature would come in handy as unless properly secured, anyone can join the meeting and steal data.
- The platform is also strengthening its security profile by acquiring a start-up called Keybase. This company will be responsible for the implementation of an end-to-end architecture for calls on paid subscriptions.
What the experts are saying
Meetings that are recurring or have been scheduled previously using a PMI are required to be updated.
Eric Yuan explained, “Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees.”
What you can do
- Set a password for every meeting.
- Disable the option to join before host.
- Enable waiting room.
- Lock the meeting once started.
- The encryption keys will not be stored on Zoom’s servers.
- The current state of encryption has put Zoom at the forefront of a class-action lawsuit.
- The entire details of the Keybase cryptographic draft design will be rolled out on 22nd May.
Users are suggested to be aware of cybersecurity concerns during these trying times and follow the required steps to safeguard their information.