Coronavirus: Zoom is in everyone’s living room – how safe is it?
Zoom, the video-conferencing app that has seen a huge rise in downloads since quarantines were imposed around the world, is now being used by millions for work and social gatherings.
This week Prime Minister Boris Johnson tweeted a picture of himself chairing a Cabinet meeting via the app.
This led to questions about how secure it was for government meetings.
Zoom has angrily defended its security record, saying it would answer any questions the government had.
It was closely followed by reports that the Ministry of Defence (MoD) was suspending use of the app, something it strenuously denied.
The MoD told the BBC that Zoom had never been used for high-security meetings, but continued to be a tool for cross-government chats.
Later, a Cabinet Office spokesperson moved to clarify the government’s position: “In the current unprecedented circumstances the need for effective channels of communication is vital. National Cyber Security Centre guidance shows there is no security reason for Zoom not to be used for conversations below a certain classification.”
But Zoom was clearly angered by suggestions that it was not entirely secure.
“Zoom takes user security extremely seriously,” it told the BBC.
“Globally, 2,000 institutions ranging from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare and telemedicine practices have done exhaustive security reviews of our user, network and data centre layers confidently selecting Zoom for complete deployment.”
“We are in close communication with the UK Ministry of Defence and National Cyber Security Centre and are focused on providing the documentation they need,” it said in a statement to the BBC.
Exactly what this documentation is, neither Zoom, the National Cyber Security Centre nor the MoD were able to say.
Zoom has had security flaws in the past, including a vulnerability which allowed an attacker to remove attendees from meetings, spoof messages from users and hijack shared screens. Another saw Mac users forced into calls without their knowledge.
All these were patched but some experts still think that the firm has a rather blase attitude to security.
“Zoom has had a chequered history, security-wise, with a number of instances where one has had to question whether it really gets it when it comes to users’ privacy and security,” said cyber-consultant Graham Cluley.
“Right now, lots of people are using Zoom for the first time and may not be au fait with the safest settings to keep unwanted people out of their chats.
“They also probably haven’t read the terms and conditions, but just clicked ‘Yes’ to everything to get online. Zoom and other video messaging apps provide a valuable service right now but folks should be careful in their choices as they rush to connect online.”
Prof Alan Woodward, a computer scientist at Surrey University thinks the government needs to be careful: “In some ways for a public broadcast it doesn’t matter if anyone can listen in as was the case for the No 10 briefing.”
“However, where I have taken part in government briefings where it is for the participants’ ears only we have used Microsoft Teams.”
“There is no evidence that Zoom has any problems in its latest versions but in these crazy times it seems sensible only to use systems that are tried and tested. It does reinforce the message that whatever you use you should use the latest version,” he added.
BBC