The increasingly popular video app Zoom is drawing criticism for security flaws and privacy issues.
Millions of people, who have been forced to stay in their homes, turned to the company for work, school and to stay connected with friends and family during the coronavirus pandemic.
Zoom has seen a surge in users since the pandemic began, increasing its users from 10 million last year to 200 million by March of this year, the company's CEO said.
But, now several countries, companies and schools have opted to not use the app because of security and privacy concerns.
The concerns have Zoom scrambling to ensure users the app is safe to use after reports of “Zoombombing”, which is when a person hijacks a video call, posting hate speech and pornographic images.
In Florida, a woman says a “zoombomber” started playing pornographic content during her son’s fourth grade virtual class after hijacking the video call.
"I put my hand on the other side of the screen so he wouldn't see anything but I could see the other kids' faces and they were like shocked,” Claudia Reyes said.
The issue has even caught the attention of the FBI. The agency is warning people to be cautious when using the app.
“They never really thought about security and privacy when they created this platform,” said Dr. Richard Forno, who is a cyber security expert and teaches at the UMBC.
Forno says the meeting ID’s the app used were too predictable, which allowed hackers to easily infiltrate meetings and online classes.
“If you and I were using zoom right now and our meeting ID was 1234, somebody can try 12345, 123456, 1234567, and keep trying to find ones that will let them in,” he said.
Zoom CEO Eric Yuan recently apologized to users during a YouTube livestream for the security lapses. The company released updates, including a minor update on Thursday, to fix the problems.
“When it comes to security and privacy, especially now when everybody is online, you can't be too careful,” Forno said.
There are more secure video conferencing apps, but if you prefer Zoom, there are things you can do to protect yourself, Forno said.
“Don’t use your personal meeting ID. Make each individual meeting a separate event so there’s less chance of that meeting ID being recycled or reused by a bad guy and enable the waiting rooms so you can screen who is trying to get into your meeting,” he said.