By Nsikan Nkordeh
I know that many people, especially the working class, are familiar with Zoom.The COVID-19 pandemic has made it impossible for workplaces all over the world to open, re-defining how work is done ; people now work remotely using various online meeting platforms like Cisco Webex Zoom, GoToMeeting, ReadyTalk,OnStreamMeeting,Join.Me, ezTalks Meetings etc. All of these, Zoom seem to be the more popularly used one among medium and small corporate users(to me Cisco Webex is the best in terms of security).It was reported that the earnings of the founder of Zoom, Eric Yuan increased by $4B between January and April 2020! The man literally 'hammered'. Yes, millions have moved over to Zoom as a virtual workplace and official rendezvous
Yuan in an interview said they had 400 million users, a claim they were forced to withdrew.In actually fact Zoom has about 220 million users as at the end of April 2020.As corporate entities, Universities, individuals moved to Zoom because of its cost (cheaper than Cisco Webex) and flexibility, issues of security and privacy have been raised especially in America.These concerns are really issue-based.Zoom has it servers in China! You know what that means to America and their Intellectual Property(IP).Apart from this, Zoom has shown to be very unsafe as it deploys a very weak encryption scheme; Zoo uses the Electronic Codebook(ECB) mode of operation in building its encryption, a method that is insecure and easily can easily be hacked.This may account for the attack on zoom, termed "zoombombing", where unauthorized users showed up in a meeting uninvited.This was a serious security breach.That means during very important corporate meetings, intruders could access the meeting and listen to company's strategy and plans.
When using zoom, you are advised to be as formal as possible, private chats between people are not actually private, as the host of the meeting can later have access to such communication(You do not want to be caught joking or making inappropriate comments with a friend,through chats, during meeting). Users of Zoom thinks their private communication with others during meetings are confidential, but this is not so.Zoom should be responsible enough to alert users that their private chats may not be safe.
Zoom claims to be using end-to-end encryption(E-2-E), a claim that is untrue. End-to-end encryption means "that Zoom calls are encrypted at all points in the data creation, transfer, and reception lifecycle – and that Zoom itself is unable to access that critical data. End-to-end encryption is the gold standard, and it means that keys are generated and managed on endpoints, and are never accessible by Zoom’s servers"[1].This claim by Zoom is not true as Zoom through its servers have access to the encryption keys and can perform the decryption whenever it wants to.What this means is that if Zoom wants listen to listen to your meeting during or after the meeting, they have the encryption keys.That is a scary thing for American companies, recalling that Zoom has its main servers on Chinese soil.With the mutual suspicion between America and China, and the long age accusation from the Americans that China steals IP from them, using Zoom may be a matter of national security.The Google-Chinese fights in the late 2000s is still very fresh in our memory.One company that uses E-2-E encryption is Apple.The iPhone is the safest brand of phones, your encryption keys reside in your phone, not with Apple nor your network, hence it is almost impossible to get it hacked.
To know more about how you can secure yourself and your corporations, follow my cyber security articles on Linkedin and Twitter @nkordeh
