Free Video Conferencing with a Catch*

Using Zoom to conduct company meetings amid the COVID-19 crisis? If you are disclosing anything of value or if you value your privacy, you’ll want to discontinue using it, there are plenty of free offerings out there that are a better choice.

Zoom is developed in China while over 80% of their revenue comes from the United States. While Zoom is headquartered in Silicon Valley, they have outsourced development to China so they don’t have to pay US salaries.

From the "Dumpster Fire" department

The most recent Zoom related news that I’ve seen is a ycombinator news thread started by user rshnotsecure. Due to mis-configured DNS, internal sub-domains had leaked.  Apparently more than one leaked sub-domain was found that makes it appear as if Zoom employees were spying on women around the world.

In an article written April 3 from “The Citizen Lab” Zoom has been dubbed “not suited for secrets” because among other things, it uses  weak encryption with known vulnerabilities. Researchers observed that keys for encrypting and decrypting meetings were transmitted to servers in Beijing, China. Anyone with the key can decrypt the video.

If your meeting is open, it’s susceptible to “ZoomBombing” where malicious actors will enter a meeting and attempt to disrupt it, sometimes with explicit content. Not a very productive meeting.

If that’s not bad enough, thousands of private zoom video recordings were left exposed online.  This included personal therapy, business meetings, private financial information and online classes.

“the videos can be viewed and downloaded through a “simple online search” because Zoom video recordings are named in an identical way, making it all too easy for anyone so inclined to download and view thousands more such videos.”

Last but not least, if you have to use it, be extremely aware about where you install Zoom from. If you got the installer from a third party, that installer may “also install a cryptocurrency miner on the victim's computer” amongst other malware.

Last year, security researcher Jonathan Leitschuh identified that the Zoom application on a Mac installs a webserver on the computer and leaves it open to attacks including camera hijack. This vulnerability has since been fixed.

So, what video service do you need to switch to? That depends, if you are already an Office 365 customer, chances are you already have a Microsoft Teams/Skype for business license. You can invite people  outside of your company at no cost.

During the COVID crisis, Microsoft and Cisco are giving their video products away.