Like this article? There is something similar by Microsoft for Microsoft Teams. Netitude has been delivering secure, reliable and productive IT for business growth, since
 
 

Government issues warning: 8 reasons that make Zoom video-calling app unsafe | Gadgets Now.

 
Your Reason has been Reported to the admin. Another problem was, Zoom was allowing users to send any type of files in its chat box, including:. Ensure you do your research. The agency had pointed out that the app has significant weaknesses which can make users vulnerable to cyber attacks, including leakage of sensitive office information to criminals. Visual Stories.

 

Is Zoom Secure? Breaking Down 10 Zoom Security Issues – InfoSec Insights – Zoom App Not a Secure Platform

 

Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up. Connect and share knowledge within a single location that is structured and easy to search. My agency which isn’t a high security-risk, top-secret place has an almost zero tolerance rule for Zoom and I am curious why. I don’t think it’s merely an E2E encryption issue because we are allowed to use the web-based version of Zoom but not the app.

Other agencies and labs that are high security-risk e. So my inclination is to think this is just our OCIO over reacting or somehow that we don’t have a contract with Zoom prevents its use. However, they repeatedly send out alerts about how big of a threat Zoom is to IT security yet they never explain why.

Early Zoom use did not properly limit access with passwords and was subject to Zoom Bombing , uninvited people joining the meetings. Zoom also mislead with statements about E2E encryption when in fact it was no such thing, as a result it got a lot of negative press. True E2E encryption was limited to direct one-to-one person connections for Zoom, and all the others as well, because trying to manage dozens or hundreds of individual encryption keys and cross connects is a nightmare.

According to their support page :. How does Zoom provide end-to-end encryption? This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today. Non-E2E Multiperson meetings for Zoom and everyone else is performed by connecting to a central management server that handles all the cross connects. Encryption is User-to-Server, but everything on the server is decrypted. Plain old default just use Zoom runs on servers controlled by Zoom throughout the world.

I’ve seen Zoom servers in Australia handling meetings in the U. Zoom, like all the others, offers the capability to run your own servers for greater control and security, but user and meeting metadata are still managed in the Zoom public cloud. Other products, like Jitsi, allow complete secure isolation if set up that way.

I believe WebEx supports an isolated setup as well, but I’m not positive. Of course, many of the other products are often used in a more convenient but insecure fashion as well. Zoom iOS App sends data to Facebook. As people work and socialize from home, video conferencing software Zoom has exploded in popularity.

What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account , according to a Motherboard analysis of the app. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Start collaborating and sharing organizational knowledge.

Create a free Team Why Teams? Learn more. What precisely about Zoom is not secure? Asked 1 year, 4 months ago. Modified 1 year, 4 months ago. Viewed times. Improve this question. There are many results when you search for “zoom security issues” or similar.

July had a particularly bad vulnerability which opened up remote webcam access even after uninstalling the software web app not affected, obviously. Nomad – It’s more that we are part of telecons with places that solely use Zoom so we are forced to use Zoom to participate. Those same institutions, for whatever reason, do not like WebEx. So then your answer is simply found with the google search query “zoom app vulnerabilities”.

Why your IT team sees it as a threat is not something we could possibly answer. Any answer will age poorly and there are active lists online that keep track of this particular app. We cannot do a security comparison between apps Zoom and Webex and we can’t tell you why your IT dep lets you use the web client but not the app.

Show 7 more comments. Sorted by: Reset to default. Highest score default Date modified newest first Date created oldest first. Conversely the open source product Jitsi emphasized security. In both cases, it’s all in the details. Recently Zoom has enabled E2E encryption capabilities, comparable to Jitsi. According to their support page : How does Zoom provide end-to-end encryption? The security issue is, who controls the server and where is it?

Improve this answer. The problem that the company cited is with the app, not the service. The company allows the Zoom web client.

All your points are about the service, not the app. So, you have not answered the question. Zoom still relays through a server but apparently they now support multiuser E2E. I have not yet tried it. Zoom bombing is still a threat 2. Why are you talking about a completely separate product? How is that relevant? So your point is only situationally relevant 5. That Facebook issue was reported 12 months ago and fixed. Let me make this easier for you: sites have been keeping tabs on the apps and the service since March last year and everyone started using it.

Here is the leading one the one I told the OP to look at : tomsguide. Add a comment. The Overflow Blog. Stack Exchange sites are getting prettier faster: Introducing Themes.

Money that moves at the speed of information Ep. Featured on Meta. Duplicated votes are being cleaned up. Announcing the Stacks Editor Beta release! Related Hot Network Questions. Accept all cookies Customize settings.