What's happening at Zoom? Article references to catch you up

Below are references to recent articles on Zoom security and  privacy issues. Some are covering the same topic but it gives a sense of the number of problems by such a wide coverage. I am not going to comment on what is below, I will leave it up to the reader to decide what is best for their own security and privacy and if you should use or continue to use Zoom. There were additional articles but these are the most interesting. I am not a fact checker or other to verify the information included in these articles. The references are in no particular order but the first three articles give a good overview of most the recent issues.


Zoom Security Issue Timeline
https://www.cnet.com/news/zoom-every-security-issue-uncovered-in-the-video-chat-app/


Bloomberg: Zoom Sued for Fraud Over Privacy, Security Flaws
https://www.bloomberg.com/news/articles/2020-04-08/zoom-sued-for-securities-fraud-over-privacy-security-flaws


Zoom Security Privacy Flaws:
https://tidbits.com/2020/04/03/every-zoom-security-and-privacy-flaw-so-far-and-what-you-can-do-to-protect-yourself/


UK Ministry of Defence bans Zoom Meetings, Concerns have been raised over the security of video conferencing service Zoom after the Ministry of Defence (UK) banned staff from using it.
https://metro.co.uk/2020/03/25/concern-zoom-video-conferencing-mod-bans-security-fears-12455327/


Zoom bombing is due to meetings being left open without requiring any password:
https://www.washingtonpost.com/education/2020/03/25/zoombombing-disrupts-online-classes-university-southern-california/


Troll Terrifies Public Zoom Meeting By Sharing Highly Disturbing Video (21 March)
https://www.forbes.com/sites/leemathews/2020/03/21/troll-terrifies-zoom-meeting-zoombombing/#2848f3973e70


‘Zoombombing’: When Video Conferences Go Wrong (22 March)
https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html


Vulnerability Allowed Attackers to Join Zoom Meetings (28 Jan)
https://www.securityweek.com/vulnerability-allowed-attackers-join-zoom-meetings


Beware of ‘ZoomBombing:’ Screensharing filth to video calls (18 March)
https://techcrunch.com/2020/03/17/zoombombing/


How Many Zoom Meetings Can I Join?" –ZoomBombing Private Meetings (23 March)
https://www.linkedin.com/pulse/security-matters-online-meetings-tommer-catlin/


Zoom Fixes Flaw Opening Meetings to Hackers (28 Jan)
https://threatpost.com/zoom-fixed-flaw-opening-meetings-to-hackers/152266/


Security Matters -Online Meetings.
https://www.linkedin.com/pulse/security-matters-online-meetings-tommer-catlin/


Once again Zoom hackers easy access to camera and mic (3 Dec).
https://www.securitynewspaper.com/2019/12/03/one-again-zoom-video-conferencing-gives-hackers-easy-access-to-camera-and-microphone/


Zoom Fixes flaw that allowed hackers to join calls (28 Jan).
https://www.zdnet.com/article/zoom-fixes-security-flaw-that-could-have-let-hackers-join-video-conference-calls/


Regrettably, the access (through a Zoom URL) for the Zoom Connector for Cisco hosted on zoom.us was accessible without authentication” (26 Nov).
https://www.uctoday.com/collaboration/cisco-zoom-its-not-all-rainbows-sunshine-in-collab/


Zoom Opens Video Device Security Hole — Again (3 Dec).
https://www.nojitter.com/video-collaboration-av/zoom-gives-way-video-device-security-breach-again

Using Zoom? Here are the privacy issues you need to be aware of.
https://securityboulevard.com/2020/03/using-zoom-here-are-the-privacy-issues-you-need-to-be-aware-of/


Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
https://www.vice.com/en_ca/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account


Popular technology could be putting corporate privacy at risk with little power to prevent it (24 Mar, 2020)
https://www.afr.com/technology/zoom-is-the-next-privacy-challenge-20200324-p54dff


Advocacy group calls for Zoom to release a transparency report (19 Mar, 2020)
https://www.theverge.com/2020/3/19/21186152/zoom-transparency-report-access-now-advocacy-group


The Zoom Boom is Great for Remote Work but Still Leaves Privacy Question Marks
https://futurumresearch.com/remote-work-tools-are-hot-but-keep-data-privacy-in-mind/


Zoom is a work-from-home privacy disaster waiting to happen (13 Mar)
https://mashable.com/article/zoom-conference-call-work-from-home-privacy-concerns/


Zoom’s A Lifeline During COVID-19: This Is Why It’s Also A Privacy Risk
https://www.forbes.com/sites/kateoflahertyuk/2020/03/25/zooms-a-lifeline-during-covid-19-this-is-why-its-also-a-privacy-risk/#425324528ba8


Zoom Calls Aren't as Private as You May Think. Here's What You Should Know
https://www.consumerreports.org/video-conferencing-services/zoom-teleconferencing-privacy-concerns/


Zoom does not respect user’s privacy!
https://smex.org/zoom-does-not-respect-users-privacy/


UK Government Uses Zoom Despite MoD Security Concern.
https://www.infosecurity-magazine.com/news/uk-government-zoom-despite-mod/


Coronavirus: Zoom is in everyone's living room - how safe is it?
https://www.bbc.com/news/technology-52033217

Zoom Removes Code That Sends Data to Facebook.
https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook


National Law Review:
https://www.natlawreview.com/article/not-so-zoomy-use-videoconferencing-technology-zoom-rise-privacy-and-data-security


Not so Zoomy: Use of videoconferencing technology “Zoom” is on the rise, but Privacy and data security Inadequacies Users Should Tread Carefully.
https://www.natlawreview.com/article/not-so-zoomy-use-videoconferencing-technology-zoom-rise-privacy-and-data-security


Zoom Urged To Divulge Gov’t Data Demands In COVID-19 ERA
https://www.law360.com/telecom/articles/1255639/zoom-urged-to-divulge-gov-t-data-demands-in-covid-19-era


Zoom’s coronavirus boom raises privacy concerns.
https://nypost.com/2020/03/19/zooms-coronavirus-boom-raises-privacy-concerns/


Additional Articles:


Attorney General looking into Zoom privacy!
https://www.nytimes.com/2020/03/30/technology/new-york-attorney-general-zoom-privacy.html


https://blogs.cisco.com/collaboration/collaboration-without-compromise-a-security-first-approach-to-remote-working


Zoom not end to end encrypted
https://theintercept.com/2020/03/31/zoom-meeting-encryption/


Shareholder sues Zoom
https://www.fool.com/investing/2020/04/08/shareholder-sues-zoom-over-security-flaws.aspx


Elon Musk takes out Zoom for Spacex
https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex-bans-zoom-over-privacy-concerns-memo-idUSKBN21J71H


Google bans Zoom over security concerns
https://www.businessinsider.com/google-bans-zoom-from-employee-computers-due-to-security-concerns-2020-4


NFL concerns over Zoom
https://bleacherreport.com/articles/2885245-report-nfl-exec-says-possibility-of-zoom-hacks-in-remote-draft-are-unnerving


Germany limiting Zooms use
https://www.reuters.com/article/us-health-coronavirus-germany-zoom/german-foreign-ministry-restricts-use-of-zoom-over-security-concerns-report-idUSKBN21Q1SC


Senator Dings Zooms on end-to-end Crypto
https://arstechnica.com/tech-policy/2020/04/senator-backing-anti-crypto-bill-calls-out-zooms-lack-of-end-to-end-crypto/


ZoomBombing During Service
https://www.tapinto.net/towns/clark/sections/union-county-news/articles/springfield-synagogue-experiences-anti-semitic-zoom-bombing-during-service-5


Taiwan removing Zooms use
https://www.reuters.com/article/us-zoom-video-commn-privacy-taiwan/taiwan-tells-agencies-not-to-use-zoom-on-security-grounds-idUSKBN21P1MK


Webex Security Versus Zoom's Shady Practices
https://securityboulevard.com/2020/04/comparison-of-webex-security-versus-zoom-shady-practices/

US Senate avoiding Zom over security concerns
https://finance.yahoo.com/news/u-senate-tells-members-avoid-072707721.html

VoIPNorm

COVID19 Resources

Collection of links of helpful info for COVID19.

CDC COVID19 Information

https://www.cdc.gov/coronavirus/2019-ncov/index.html

 Community Mask making by Providence

https://www.providence.org/lp/100m-masks

COVID19 Tracking

https://ncov2019.live/data

COVID19 predictive modeling by UW

https://covid19.healthdata.org/united-states-of-america

Renton City WA COVID19 Information

https://rentonwa.gov/news/current_news/c_o_v_i_d-19_resources

Washington State COVID19 Response

https://www.doh.wa.gov/emergencies/coronavirus

WHO

https://www.who.int/health-topics/coronavirus#tab=tab_1

Stay safe.

If you have a helpful link please comment.

VoIPNorm

CE-Deploy 3.0 Updates

Time for  a quick update on CE-Deploy after the holiday's. The last few months have been a very productive time as I have added a bunch of new features. I have also had a name change to CE-Deploy 3.0 versus sticking with Cloudy CE-Deploy as a separate app.

 CE-Deploy 3.0 will have both cloud and local admin account functionality built in. This means  you will be able to configure cloud based devices through the cloud xAPI (Command and Status for now) and also on-premise and cloud through local admin access directly on the device. See the screenshot above of local admin device access. 

Along with porting all local admin device functions over to the 3.0 application I have also added the ability to do free form xAPI commands for local admin. This should be really helpful when testing commands or just doing some configuration that you need to bulk deploy in a pinch. Recently I had a customer that needed to do bulk reboots of endpoints. This worked a treat.

A list of the new things I have added recently:
  • Local and Cloud in one tool.
  • OBTP simulator for local devices
  • Integrations settings so you can use your own cloud integration (still testing) for cloud xAPI
  • Cloud xAPI branding and wallpaper deployment (that's right wallpaper!)
  • Endpoint restore using a backup file for local admin
  • Single endpoint deployment(no need to use a CSV of IP addresses for one device)
  • Create CSV for of device ID's for cloud
  • Better messaging in the message console and logging of errors
  • Error reports(coming in the next build).
That's it for now.

VoIPNorm