contador web Skip to content

Safe zoom? See tips for using the video conferencing program | Internet

Zoom Meetings is a videoconferencing program that became popular during the coronavirus quarantine, as many people are working on a home office scheme. The platform has become an alternative for holding business meetings, work meetings and even classes. However, in the last week, security holes in the program have been pointed out by experts. The loopholes in the system would allow strangers to break into rooms to disrupt meetings and even the spread of malware to participants' computers. Such accusations undermined users' confidence in the privacy and security of the data collected by Zoom.

#FiqueEmCasa: tips and news help you stop the coronavirus

On Monday (6), Anvisa (National Health Surveillance Agency) issued a statement prohibiting its employees from using video software during office hours. FBI, Space X and other organizations have already released restrictions on the use of the program. Next, understand the controversy surrounding Zoom, see security tips for using the app and alternative tools for making video conferences.

Several possible security problems affect Zoom, a videoconferencing platform Photo: Paulo Alves / dnetcSeveral possible security problems affect Zoom, a videoconferencing platform Photo: Paulo Alves / dnetc

Several possible security problems affect Zoom, a videoconferencing platform Photo: Paulo Alves / dnetc

Want to buy cell phones, TV and other discounted products? Meet Compare dnetc

Security flaw in Zoom

In the last week, Zoom had security flaws pointed out by users, journalists and companies. Patrick Jackson, chief technology officer for digital security company Disconnect, told the Washington Post that he had found more than 15,000 videos recorded by users. The expert reportedly used a free tool to analyze servers in the cloud.

Zoom offers the possibility to record meetings and this material can be stored on the user's computer or on the program's servers. In the latter case, the folder used to store the files was not protected, leaving thousands of calls exposed on the Internet.

Another episode, called Zoombombing, was reported by users, as explained by the TechCrunch website. It is the invasion of meetings by unauthorized people, who shared pornography and inappropriate content. In some cases, criminals have also been able to distribute malware on the computers of the videoconference participants. To avoid this type of situation, Zoom enabled the waiting room feature, in which participants wait for the organizer's release to enter the meeting.

Experts also found other serious loopholes. Hacker Patrick Wardle, a former US National Security Agency (NSA) agent, has demonstrated the possibility of attackers hijacking the microphone and webcams on macOS computers used to attend Zoom meetings.

According to reports, Zoom users had raided meetings Photo: Divulgao / ZoomAccording to reports, Zoom users had raided meetings Photo: Divulgao / Zoom

According to reports, Zoom users had raided meetings Photo: Divulgao / Zoom

Another flaw pointed out was the sharing of user data from the Zoom app for iPhone (iOS) with Facebook, even if they did not have an account on the social network. The information was published on Vice's website, after its own investigation. The gap was corrected by Zoom in an update released at the end of March. Hackers also took advantage of the program's popularity to scam users, with the creation of fake domains.

After the disclosure of security problems, Zoom was compromised. At the end of March, the FBI received complaints from schools that were victims of "Zoombombing" and issued an alert encouraging users not to hold public meetings through Zoom and not to share the video conference link on social networks. The American agency also stressed the importance of keeping the program up to date to receive new security fixes.

Some organizations and companies, such as Elon Musk's SpaceX, have even recommended that their employees avoid using the service because of the potential loopholes in Zoom and look for alternatives. In Brazil, Anvisa (National Health Surveillance Agency) announced, on Monday (6), the blocking of programs on its employees' computers. The agency explained that the measure was taken after the disclosure of security flaws and that it has its own solution for videoconferences that can be used by its employees.

See also: home office: see tools for working at home on the coronavirus

Home office: see tools for working at home on coronavirus

Home office: see tools for working at home on the coronavirus

Zoom CEO Eric S. Yuan posted a note on the platform's official blog, on the last day 1, in which he pledged to correct the problems. In its defense, the program claims that the explosion in the number of users in a few weeks ended up pushing the design of the platform to the limit, exposing the service to a series of scenarios that had not been initially foreseen. According to the note, Zoom was initially developed for large companies, which have good IT support. It is worth noting that the tool had 10 million daily participants in December and today it reaches 200 million a day, according to data from the company itself.

The executive explained that, following the discoveries of security experts, journalists and even users, several measures have been taken to improve the platform. Actions include training for users, so that they get to know the platform's tools better, and changes in support, to make it more efficient. Eric S. Yuan also stressed that Zoombombing prevention resources, such as the waiting room, arrived on March 20; that Facebook was removed from its software development kit on March 27; and that the website's privacy policy was adjusted on March 29 to make it clearer to users.

dnetc got in touch with Zoom's global press office, asking for a position on possible failures, but there is still no return. This matter will be updated shortly if there is new information.

How to use Zoom safely

In view of this failure scenario, many users were in doubt as to whether Zoom is safe and whether it is possible to continue using the program normally. Next, dnetc separated some tips that can minimize the problems in the tool. Still, there is no way to guarantee that they will be fully effective for using the application safely. At the end of the text, there are other videoconferencing services to hold meetings online.

Zoom works with a type of identifier similar to a phone number. Each user in the network has a Personal Meeting ID (PMI), which is used so that other people can enter a room organized by you just using their contact digits. The downside of this feature is that anyone can use this identifier to access a broadcast that you organize or participate in.

Scheduling rooms allows you to use a random PMI for more security Photo: Reproduo / Filipe GarrettScheduling rooms allows you to use a random PMI for more security Photo: Reproduo / Filipe Garrett

Scheduling rooms allows you to use a random PMI for more security Photo: Reproduo / Filipe Garrett

The way to avoid this type of situation is to use a random PMI, generated by Zoom itself for single use, and which differs from your personal PMI. This is possible only by scheduling a meeting. In Schedule a Meeting, just check Generated Automatically in the Meeting ID option. This way, your personal PMI will not be used in creating the room.

2. Share only part of your screen

When sharing your computer screen, Zoom allows you to define that only the area you are interested in is visible to contacts. The measure is useful for hiding open tabs in your browser, icons on the taskbar or desktop of the PC or the device you use to connect.

  It is possible to limit the sharing of only a fraction of the screen in the "Advanced" tab Photo: Reproduo / Filipe Garrett  It is possible to limit the sharing of only a fraction of the screen in the "Advanced" tab Photo: Reproduo / Filipe Garrett

It is possible to limit the sharing of only a fraction of the screen in the "Advanced" tab Photo: Reproduo / Filipe Garrett

To activate this mode, just select the Share Screen option. On the screen that opens, choose the Advanced tab and, as shown in the image, choose Portion of Screen. A green checkbox will appear: just size and move it to choose what you want your contacts to see.

3. Turn off microphone and camera in advance

If you are invited to a meeting and just want to watch what a superior or teacher transmits, you can set Zoom to enter the room with your microphone and webcam turned off by default. This way, you avoid embarrassment and can activate both resources if necessary.

You can leave your microphone and video off whenever you enter a new room Photo: Reproduction / Filipe GarrettYou can leave your microphone and video off whenever you enter a new room Photo: Reproduction / Filipe Garrett

You can leave your microphone and video off whenever you enter a new room Photo: Reproduction / Filipe Garrett

To set this pattern, open the PC app and access the settings in the gear icon below your avatar. In the Video and Audio menus, check the options Turn off my video when joining a meeting and Mute my microphone when joining a meeting, respectively.

4. Create a waiting room

The idea here is simple: instead of allowing everyone to automatically enter the room, create a waiting space in which contacts, whether legitimate or not, need to wait until you officially authorize the meeting. The approach is simple and should ensure that strangers do not have access to your meeting.

Use of the waiting room can prevent invasion of your videoconference Photo: Reproduo / Filipe GarrettUse of the waiting room can prevent invasion of your videoconference Photo: Reproduo / Filipe Garrett

Use of the waiting room can prevent invasion of your videoconference Photo: Reproduo / Filipe Garrett

The feature is activated by default in videoconferences scheduled through the Schedule a Meeting. If you wish to confirm the use of the waiting room by default, access the Account Management option and click on the Account Settings menu. In the Meetings tab, you can enable the Waiting Room field.

5. Apply restrictions to participants

Another good practice to avoid embarrassment is to limit screen and file sharing to participants. That way, even if an unknown user ends up infiltrating your videoconference, he will have difficulties in disturbing the meeting by sharing his screen or bombarding the other participants with unwanted files.

Alternatives to Zoom for videoconferencing

If you prefer to abandon Zoom and look for other alternatives to make video conferences, know that there are several free options. Google Hangouts allows you to create rooms with up to 10 guests and works seamlessly with Gmail. Hangouts Meet, the business version of the platform, allows video calls with up to 250 people and is free until July 1, while Skype, in its free version, allows meetings with up to 50 people. Another option from Microsoft is Teams, which is restricted to Office 365 subscribers. Several of them also offer a mobile application.