The Estrahash Scam: How to Avoid ASIC Cryptocurrency Fraud

Is it safe to buy ASIC miners now in a bare market where they seem to be the only profitable option in the Cryptocurrency space?

Facebook Messenger Update: Why the App Has a New Look

Facebook Messenger has got a new look. After three years of trying to bring chatbots to the masses, the company has pulled the plug...

NVIDIAs GTC 2020 Keynote Is Over And They Have Huge Ambitions For The Future Of Computing

The NVIDIA GTC 2020 keynote is finally done, and just as CEO Jensen Huang promised, it did not disappoint. In a series of nine...

Zoom, And Its Safety Issues Are Now In The Spotlight

While the coronavirus crisis has thrown several companies under the bus, there’s one area that’s seeing a meteoric rise- digital services. The crisis has now put the spotlight on services like Zoom, which has become a key player in the video conferencing space. 

While the American company is in the midst of its best quarter yet, it has come under intense scrutiny for its multiple privacy violations.

Back to Facebook

Oh Facebook! Even when it is not their service, the company finds itself associated with a privacy scandal. In March, Vice Media found that Zoom’s iOS app was sharing analytics data with Facebook, even when the particular user did not have a Facebook account. 

Sending data to Facebook is not uncommon, it happens when a developer uses Facebook’s Software Development Kit (SDK) to add features. However, there was no mention of data being sent to Facebook in the privacy policy, or through any pop-up in Zoom. 

Zoom connected to Facebook’s Graph API, which allowed the social network to access data such as details of the user’s device, their location and phone carrier. 

In a statement to Motherboard, Zoom said: “To address this, in the next few days, we will be removing the Facebook SDK and reconfiguring the feature… We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.

The company now faces a class-action lawsuit, filed in San Jose California by Robert Cullen. The suit alleges that the company is in violation of California’s Consumer Privacy Act, by leaking data to Facebook. 

Contacts leak

On March 31, Vice found that Zoom is leaking people’s email addresses and photos. The issue, linked to Zoom’s “Company Directory” setting, is perhaps the biggest violation of privacy yet. The bug (or as Zoom likes to think of it – feature), adds other people to a user’s lists of contacts if they signed up with an email address that shares the same domain.

The feature was intended to help people find a colleague through their email address. However, many Zoom users signed into the service through their personal mail ID rather than corporate ones. As a result, Zoom grouped the ID’s from domains as if they all belonged to the same account. 

The issue was first reported by several dutch users, who use domains like xs4all.nl, dds.nl, and quicknet.nl, which are provided by Dutch Internet Service Providers (ISPs). The leak is limited to similar non-standard domains, a support doc says that Zoom does not group “publicly used domains including gmail.com, yahoo.com, hotmail.com, etc.”

A screenshot by Twitter user @JJVLebon

Other violations

Zoom’s privacy violations do not end there. With Zoom Version 4.0, the company implemented an attendee attention tracking feature. It allows meeting organisers to see if other participants have the Zoom window “open and active” or not during a call. If the window is closed for more than 30 seconds, the organiser gets a clock-like indicator next to the participants’ name, indicating that they aren’t actively attending the meeting.

There’s also a tracking feature for administrators, who manage cloud recordings and other tasks. Under Zoom’s managing cloud recordings feature, admins can see details of how, when and where users are using Zoom in the company. 

Zoom provides detailed dashboards of user activities. Admins can also access data such as IP address, operating system, location data, type of machine and user-configured names of the devices. 

Administrators also have the ability to jump into a call in their organisation, without warning or consent of the attendees. All these violations were discovered by the Electronic Frontier Foundation on March 19. 

Zoombing

Well before the pandemic, Zoom also suffered from other privacy issues. The biggest being the ability to generate active meeting ID numbers. The hack, discovered by cybersecurity firm Check Point, allows a hacker to join a meeting that isn’t password protected. While Zoom did address the issue, it did not say users had to use a password, which was a key recommendation by Check Point. 

The issue came back into the limelight after British Prime Minister Boris Johnson shared a screenshot of a cabinet meeting on March 31. The screenshot clearly shows the meeting ID, which would have made it easy for any hacker to join in. 

The first ever ‘digital cabinet’ meeting chaired by Boris Johnson.

It has given rise to the term ‘zoombing’, as trolls are now targeting meetings that aren’t password protected. A New York Times article exposed how trolls are jumping into meetings at random, and broadcasting graphic content, forcing meetings to be cancelled. 

The most high-profile target so far has been fast food brand Chipotle, who was in the middle of a public Zoom chat with musician Lauv, before a participant began using the screen sharing feature to broadcast pornography. 

@Exitpost captured a screenshot of Chipotle’s Zoom meeting

Trolls have taken to sites like Twitter and Discord to share public zoom meeting IDs, and many IDs are available on event pages. 

We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only they can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining,” said a spokesperson for Zoom Video Communications in a statement to the New York Times.

A challenging future

Zoom was built as a corporate communications tool, not a social media network. As the world has moved online, the company failed to foresee the challenges ahead.

Unlike Facebook, Zoom is not the undisputed leader in its industry. Offerings like Skype, Hangouts and Messenger mean that it is easier for users to shift from Zoom than from Facebook. 

Zoom does, however, offer significant benefits like cheaper plans and advanced features giving it a slight edge over the competition. If it manages to tackle the issues soon, it could become the de facto tool for the future. 

 

If you enjoyed this article please consider checking out the rest of our tech coverage.

Srivats
Srivatshttps://srivi20.com
With 3 years experience in journalism prior to joining the FinalBoss team, Srivats has made a name for himself as the go-to guy for in-depth analysis and technical pieces. From the latest gadgets to major launches announced by the biggest tech brands, Srivats brings you content that keeps you in the know.

Related Articles

Leave a Reply

Stay Connected

908FansLike
2,799FollowersFollow
1,755FollowersFollow

Latest Articles

The Mandalorian Season 2 Preview

The Mandalorian season 2 will stream on Disney+ from October 30. In our preview, we’ll have a reminder of what happened in season 1,...

In the Quest to Conquer AR & VR, Here’s Everything Facebook Announced at Connect 7

Facebook is betting big on Augmented Reality (AR) and Virtual Reality (VR). We’ve known that for a while, and the company reiterated that at...

From the iPad Air to Apple One, Here’s Everything Apple Announced at it’s ‘Time Flies’ Event

Apple’s September event didn’t feature the iPhone 12, but that doesn’t mean it wasn’t packed. The hour-long video showed off Apple’s new Series 6...

Best AirPod Alternatives if Apple AirPods Aren’t Your Style

Apple’s AirPods are cool. With hands-free “Hey Siri”, easy set up and integration with the Apple ecosystem, it’s not hard to see why they...

Here’s a Very in-Depth Look at What to Expect from Apple’s ‘Time Flies’ Event

September is a very exciting month for Apple fans. We get the latest iPhones and Apple Watch. This is swiftly followed by an October...

‘Time Flies’ Says Apple As It Announces September 15th Event

It’s that time of the year again. Apple is all set to host its annual September event, but this year with a few twists....