There are privacy and security issues with the Zoom video conferencing app. It has a horrible track record of handling user privacy and is leaking your data. Its video calling is also unsecured.
[0] US Senate tells members not to use Zoom
https://arstechnica.com/tech-policy/2020/04/us-senate-tells-members-not-to-use-zoom/
[1] Elon Musk’s SpaceX bans Zoom over privacy concerns – memo
https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex-bans-zoom-over-privacy-concerns-memo-idUSKBN21J71H
[2] Concern over Zoom video conferencing after MoD bans it over security fears
https://metro.co.uk/2020/03/25/concern-zoom-video-conferencing-mod-bans-security-fears-12455327/
[3] Zoom shareholder accuses executives of fraud over security practices
https://www.cyberscoop.com/zoom-shareholder-accuses-executives-fraud-security-practices/
What pains me about Zoom being such sleazeballs when it comes to both security and privacy is just how unnecessary it is. They have good fundamental tech! But as the skeletons keep falling out of the closet, it’s clear that the organization is fundamentally corrupt.
— DHH (@dhh) March 31, 2020
Using malware techniques seems part of Zoom’s DNA. Recently Zoom was caught secretly installing web servers on users’ machines that allowed any website to forcibly join a user to a Zoom call, with their camera on, without consent. https://t.co/vShpK40zxy
— Arvind Narayanan (@random_walker) March 31, 2020
[5] Zoom Meetings Aren’t End-to-end Encrypted, Despite Misleading Marketing
https://theintercept.com/2020/03/31/zoom-meeting-encryption/
[6] Zoom Removes Code That Sends Data to Facebook
https://www.vice.com/en/article/z3b745/zoom-removes-code-that-sends-data-to-facebookhttps://www.vice.com/en/article/z3b745/zoom-removes-code-that-sends-data-to-facebookhttps://www.vice.com/en/article/z3b745/zoom-removes-code-that-sends-data-to-facebook
[7a] Zoom is a work-from-home privacy disaster waiting to happen
https://mashable.com/article/zoom-conference-call-work-from-home-privacy-concerns/
[7b] Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
[8] Privacy and the Online Pivot
https://www.insidehighered.com/news/2020/03/25/pivot-online-raises-concerns-ferpa-surveillance
[9] Zoom and FERPA Compliance
https://zoom.us/docs/doc/FERPA%20Guide.pdf
[10] Ex-NSA hacker drops new zero-day doom for Zoom
https://techcrunch.com/2020/04/01/zoom-doom/
Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. The screen shot below shows an example UNC path link and the credentials being exposed (redacted). pic.twitter.com/gjWXas7TMO
— Hacker Fantastic (@hackerfantastic) March 31, 2020
[12] Apple has pushed a silent Mac update to remove hidden Zoom web server
https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/
[13] FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
[14] Zoom is Leaking Peoples’ Email Addresses and Photos to Strangers
https://www.vice.com/en/article/k7e95m/zoom-leaking-email-addresses-photos
[15] ‘Zoom is malware’: why experts worry about the video conferencing platform
https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing
[16] What You Should Know About Online Tools During the COVID-19 Crisis
https://www.eff.org/deeplinks/2020/03/what-you-should-know-about-online-tools-during-covid-19-crisis
