Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a… Continue reading Securing Internet Videoconferencing Apps: Zoom and Others

Maintaining Meeting Security During the Coronavirus

Whether you’re in the office or at home, there’s probably one activity you do more than any other: meetings. It doesn’t matter if you’re a financial analyst, a marketing intern or head of IT security, chances are you’re in near-constant communication … Continue reading Maintaining Meeting Security During the Coronavirus

Zoom bolsters software security in latest move to reassure users

Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers. The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. The software will also allow Zoom account administrators to choose which parts of the world they route their data through. The upgrade follows a report from the University of Toronto’s Citizen Lab that found Zoom routed some meeting encryption keys through China. The updates are an effort to adapt to the unprecedented amount of people using Zoom as they work from home during the COVID-19 pandemic. Some 200 million people used the software on a daily basis in March, and the Silicon Valley company at first appeared unprepared for the privacy and […]

The post Zoom bolsters software security in latest move to reassure users appeared first on CyberScoop.

Continue reading Zoom bolsters software security in latest move to reassure users

Zoom has fixed an eavesdropping issue tied to their ‘waiting rooms’

Earlier this week video teleconferencing company Zoom fixed an issue that would have allowed users in Zoom “waiting rooms” to spy on meetings even if they weren’t approved to attend them, according to researchers at Toronto-based Citizen Lab. Before the fix, which was issued on Sunday, Zoom servers automatically sent live streams of meetings and meeting decryption keys to the users in the rooms, where they must wait for approval to join a meeting. This vulnerability allowed those users to eavesdrop without approval. “Because users in a Zoom waiting room are not yet approved to join the meeting, and Zoom’s documentation appears to promote waiting rooms as a confidentiality feature, we assessed that this issue could represent a security concern,” Bill Marczak, a senior research fellow at Citizen Lab, and John Scott-Railton, a senior researcher at Citizen Lab, write in a blog post on the issue. The vulnerability would have been particularly relevant […]

The post Zoom has fixed an eavesdropping issue tied to their ‘waiting rooms’ appeared first on CyberScoop.

Continue reading Zoom has fixed an eavesdropping issue tied to their ‘waiting rooms’

Zoom shareholder accuses executives of fraud over security practices

A Zoom shareholder has filed a lawsuit against the video-conferencing company for allegedly covering up security vulnerabilities in its app. The suit, filed April 7 in a San Francisco federal court, accuses top Zoom executives of failing to disclose flaws in the company’s software, now used by some 200 million people daily. Zoom misrepresented problems with the software’s encryption protocol, failed to disclose that it was sharing user data with Facebook and concealed the extent to which user data was vulnerable to hackers, according to the suit. Zoom chief executive Eric Yuan apologized for security issues in a blog post Monday, saying the company intends to improve its practices. Investor Michael Drieu filed the lawsuit amid ongoing scrutiny of San Jose-based Zoom’s data protection practices. The number of daily users has skyrocketed, up from 10 million in early March, according to the company, as much of the world’s white-collar workforce has […]

The post Zoom shareholder accuses executives of fraud over security practices appeared first on CyberScoop.

Continue reading Zoom shareholder accuses executives of fraud over security practices

New York City Schools Ban Zoom over Security and Privacy Woes

The State of New York has decided to ban Zoom from city schools amid news of security and privacy concerns surrounding the popular videoconferencing software. “DOE staff and service providers should cease using Zoom as soon as possible,” De… Continue reading New York City Schools Ban Zoom over Security and Privacy Woes

We’re All Remote Here: Videoconferencing Securely

The current pandemic has certainly shown the utility of electronic collaboration tools such as videoconferencing platforms. Once an expensive perk of solely enterprise companies, the video call is now used not only for executives remotely attending boa… Continue reading We’re All Remote Here: Videoconferencing Securely