Zoom in the firing line – can secure teleconferencing rivals swoop in?
After a series of security failures, privacy threats, and apologies issued by the CEO, Eric Yuan, Zoom is now under fire yet again, following a recent revelation that thousands of private conferencing videos are available online for the world to see.
Based on a report by The Washington Post, the videos include recordings of telemedicine training sessions with names and phone numbers disclosed, small-business meetings with identifiable financial statements present, elementary school classes exposing childrens’ faces and personal details, and private therapy sessions that reveal intimate conversations recorded in users’ homes.
What’s worse was the fact that these videos were named in a manner by default that made them easier to find.
Patrick Jackson, CTO of Disconnect who found these videos, revealed that he simply searched for recordings using Zoom’s default naming convention on an open cloud storage space. He was using a public search engine during his investigation and was surprised to see over 15,000 results.
Such slip-ups are bound to have consequences. Trust is no longer a quality that users have for the software which resulted in increased calls for bans on the application.
Is banning Zoom a viable solution?
A trend that started last month saw organizations like the Australian Defence Force, NASA, and Elon Musk’s SpaceX banning the use of the software due to privacy concerns.
SpaceX released a message to its employees through an email late March telling them to “use email, text or phone as alternate means of communication.”
In the last couple of days, Taiwan, Australia, and the state officials of the US have issued a similar notice.
According to a translated press release statement by Quartz, Taiwan had urged all of its government agencies to stop the use of “products with information security concerns, such as Zoom.”
Australia, on the other hand, has outlawed its parliament members and senators from using Zoom after the Australian military endorsed doing so.
Likewise, US state officials had told schools in New York, Washington DC, and Las Vegas to discontinue the use of Zoom after classroom sessions were met with harassment as a result of ‘Zoom-bombing’ interference.
The campaigns were launched by cybercriminals and trolls who infiltrated the calls to show racist and pornographic imagery to school children, further highlighting the major flaws in security and privacy protection features of the application.
However, what’s interesting is the fact almost all of these calls to ban end with a similar message: To use alternative means of communication tools, and there are plenty other alternatives offered by competing brands.
Alternative brands see spike in usage – but are they secure?
After a series of scandals involving misleading marketing on end-to-end encryption, Zoom-bombing, Facebook data collection feature, and other data mining features, users are swiftly changing their preference, now they’re using the teleconferencing tools more regularly.
The failures of Zoom have sparked new market opportunities for alternative products to grow. In fact, products like Skype, Microsoft Teams, Hangouts, and Webex have been cited repeatedly as replacements for Zoom, but there’s also space for up-and-coming solutions to now muscle in.
Despite multiple apologies issued Yuan, and announcements on security improvements to come, many feel that the app will not be fit for use until later on, and have lost trust in the company as a whole.
Competing brands are already taking advantage of the situation to promote the security features of their products.
On Saturday, Microsoft wrote in a blog post: “Our approach to privacy is grounded in our commitment to giving you transparency over the collection, use, and distribution of your data.”
The company explained how Microsoft Teams could provide a safe environment for meetings by meeting more than 90 regulatory and industry standards.
Additionally, the tech giant also took the time to promote Skype’s new Meet Now feature that enables the participants of a meeting to join a call without creating an account or installing the app, unlike Zoom.
— Skype (@Skype) April 3, 2020
Google Hangouts Meet, on the other hand, has made the premium version of its application free or for the price of US$6 a month per G-Suite user.
Cisco’s Webex also offers a free version of its application with some noteworthy features where it allows up to 100 participants in a meeting without a time limit.
However, both of these organizations have yet to make a point about how the free versions of their applications can provide security guarantees.
Albeit, there is still a range of other solutions offered by smaller brands that can step in for Zoom in light of its blunder streak. Businesses looking for the best alternatives to support their remote meetings can always do some market research to identify the ones that can offer communication capabilities at scale with the most holistic security features.
Now is the time for these firms to push forward with their offerings, and demonstrate security assurances to enterprises around the world who might be looking into alternative videoconferencing solutions, with operations now reliant on them.
Alternative brands can also learn from Zoom’s mistakes. One key security issue that was flagged throughout the entire cybersecurity fail fiasco is the fact that Zoom doesn’t use end-to-end encryption despite claiming that it does in its marketing campaigns.
It was revealed by The Intercept that Zoom responded to this issue by saying: “Currently, it is not possible to enable [end-to-end] encryption for Zoom video meetings.”
So, if competing brands want to ensure that they can win the trust of their users, they must strive to ensure that meetings are encrypted, personal information is secured, data is not shared with third parties, and users have control over what they record and keep.