Zoom case - the price of simplicity

Zoom, the meetings and videoconferencing platform, has fallen out of favor with people in social isolation after a series of privacy scandals. Several news stories declared Zoom insecure at a time when the application was registering more than 25 million meetings a day. The Zoom case had repercussions, and many people were left wondering whether they should uninstall the tool.

So let's take a closer look at the facts of this story to understand what security flaws have been detected, what risks they pose and, above all, how you can continue to use Zoom a little more safely.

The great attraction of Zoom was, and still is, the fact that it is an extremely easy-to-use platform. This simplicity is what drove its exponential growth during the social distancing of the coronavirus pandemic. Once largely restricted to companies and startups, it became the platform for grandma to talk to her grandchild, for virtual happy hours and for remote classes at the children's school.

So this simplicity was certainly Zoom's blessing. But at the same time, it turned out to be its curse.

The price of simplicity

As with almost everything else in the world of digital security, creating a new application or developing a new product that requires security presents a dilemma. As a rule, the greater the simplicity, the greater the risk of creating digital security vulnerabilities. Conversely, the higher the level of digital security, the more difficult it is to keep everything tremendously simple at the user level. Zoom chose extreme simplicity. And with that, protection took a back seat.

What security breaches were found?

The first is Zoombombing, as it has become known, which is nothing more than having a meeting or video conference invaded by a third party. This intruder can send whatever they want, such as inappropriate content, or simply watch the conversation.

The second loophole stems from the possibility for the organizer of a meeting to record what is being discussed. For the sake of simplicity, the file names of these recordings are generated identically rather than randomly, as is common. As a result, the files could be found through an online search, which means that anyone could find them. The searchable videos ended up leaking because they were stored unprotected on Amazon Web Services. There have been reports of leaked videos of classes with children, therapy sessions and even beauticians teaching female intimate hair removal.

And then we come to the third, and potentially most serious, Zoom loophole. Many of these videos contain sensitive information: financial reports of companies, names and phone numbers of patients in medical calls, and the faces, voices and personal details of children in remote classes. This data can be used by hackers for the most diverse types of crime, from electronic fraud to scams involving social engineering.

But do the vulnerabilities found make Zoom totally insecure? Should people stop using it? In this post, I'll take you through the steps for those who want to continue using the tool with greater peace of mind.

By Allan Costa