People have started turning to video calling amid the coronavirus pandemic. There has been a huge surge in the usage of Zoom. Even some of the governments are using Zoom to hold cabinet meetings. The platform is facing a huge privacy and security backlash. While Zoom claims that it offers end-to-end encryption for everything, it is only limited to text chats.
The random meeting IDs that the app generates are 9 to 11 digits long. Researchers claim that these meeting IDs are easy to guess and sometimes even brute-force able. This exposes your meetings to random hackers and strangers. Part of this has also led to Zoombombing. Zoom has fixed this by adjusting the default settings for education accounts.
The most damning issue is around the encryption. The company has been in news for misleading people. Zoom’s website reads that it offers end-to-end encryption. In reality, the encryption is limited to text messages. It is not possible to enable E2E encryption for Zoom video meetings.
Multiple users have pointed out that they can still see the email address of random people on their Zoom profiles. Exposing email addresses to random people exposes the users to spam and phishing attacks.
The company is now pulled into the court for illegally disclosing personal information to third parties. The lawsuits are filed in California earlier this week. As security researchers dig deeper into Zoom’s privacy settings, more issues will come into the light.