Many of our campus partners have reached out with questions about the security and privacy of Zoom. In our current COVID-19 environment, use of this product has increased exponentially at Princeton and throughout the world. Zoom has reportedly gone from a February 2020 daily peak of 10 million users to over 200 million daily users in March. Zoom is generally thought to be the clear, current leader for online meetings. Their previous corporate focus has now evolved to supporting online education around the world as well as personal use to help many of us connect with our friends.

However, the extremely rapid growth in use of the product has led to increased scrutiny of the security and privacy of Zoom. Some issues have been identified to which Zoom has responded or is in the process of responding. The good news is that Zoom has committed to continue to work on these issues. In fact, Zoom’s CEO recently announced that Zoom will forgo work on any new features over the next 90 days to focus solely on improving the platform’s security and privacy protections. This April 1st blog post summarizes the issues they’ve had, what they’ve done to correct them, and how they plan to proceed. Additionally, Zoom has prepared a web page related to all things security.

At Princeton, we’ve prepared a Zoom Best Practices knowledge base article that includes information about using the platform securely (like preventing “Zoombombing” attacks). This updated article includes some suggested mitigations against recently identified security issues:
- A very recently announced vulnerability in Zoom for Windows (3/31/20) involves its chat function and links sent in chat. We recommend, as a best practice, not clicking on links in chat, particularly when you don’t know all of the participants in the Zoom session. A malicious link in chat which connects to another computer could be used to execute dangerous programs and compromise your computer.
- The Zoom software installer for Macintosh has been criticized (3/30/20) because it potentially enables malicious actors to modify the installer in ways that would put systems at risk. The best way to mitigate this risk is to always download the Zoom client directly from Zoom itself.
Princeton’s Information Security Office has been monitoring Zoom’s security and privacy posture, and although the company has recently had some significant issues worthy of concern, we are pleased with its responsiveness.
Other Princeton Zoom Resources: