91视频

The video platform Zoom has experienced overnight success with offices and schools closed around the world due to the coronavirus pandemic. The increased usage has resulted in a string of security concerns, which, according to a University of Notre Dame cybersecurity and privacy expert, have largely been blown out of proportion.

Zoom is not dealing with a security and privacy crisis, it鈥檚 facing a communication and transparency crisis, according to , associate teaching professor of IT, analytics and operations at Notre Dame鈥檚 .

鈥淶oom鈥檚 recent privacy and security issues aren鈥檛 any more significant than those facing any other tech company, and Zoom has quickly moved to correct each one of them,鈥� said Chapple, a former computer scientist with the National Security Agency. 鈥�The challenge Zoom faces is that they were a specialized niche company that was suddenly thrust into the role of a critical infrastructure provider overnight and they simply weren鈥檛 ready for the intense level of scrutiny that they鈥檝e received as a result.鈥�

Perhaps the most publicized of Zoom鈥檚 woes is the practice of 鈥榋oombombing鈥� where people join unsecured Zoom calls and disrupt private conversations.

鈥淭hese aren鈥檛 the result of a security flaw in Zoom,鈥� Chapple explained. 鈥淶oombombing occurs when people either don鈥檛 use a password to secure their Zoom meeting or give out the password on a public forum. You can protect yourself against this by following some simple best practices, such as not publishing your meeting password, using a waiting room to control access to your meeting and restricting screen sharing.鈥�

Zoom also has been criticized for听not offering end-to-end encryption听for videoconferences, an approach Chapple says most people never use.

鈥淚t鈥檚 true that Zoom doesn鈥檛 offer this level of encryption,鈥� Chapple said. 鈥淭hat鈥檚 because it鈥檚 technically very difficult to do so. Look at the other major videoconferencing providers.听Skype,听Microsoft Teams and听BlueJeans听don鈥檛 offer end-to-end encryption either. It鈥檚 simply not a reasonable security expectation. Cisco WebEx does offer an end-to-end encryption option, but听choosing that option disables major features of the platform, including the ability to record a meeting.

Chapple points out that Zoom did make a major mistake in this area by publishing a false claim that the service supported end-to-end encryption. They鈥檝e since听apologized and published a technical description听of exactly how their encryption works.

There also have been reports of听Zoom video recordings appearing on public websites听and cloud storage services, but Chapple says there is no indication this was Zoom鈥檚 doing.

鈥淶oom offers a recording feature to meeting hosts and听discloses to all participants when a meeting is being recorded,鈥� he said. 鈥淎t the end of the meeting, the host gets a copy of the video file. If they post it on an open forum, it鈥檚 not reasonable to hold Zoom accountable for the meeting host鈥檚 actions.鈥�

While researchers have identified a听few security flaws in Zoom鈥檚 technology听over the past few weeks, Chapple says that鈥檚 not unexpected for a platform suddenly thrust into the spotlight.

鈥淭he reality is that every software product has critical security flaws that we simply haven鈥檛 discovered yet,鈥� he said. 鈥淶oom reacted to each one of these with a听patch that corrected the problem. That鈥檚 what any responsible technology company would do.鈥�

Where Zoom really failed, according to Chapple, is with their pre-pandemic privacy policy.

鈥淚t contained听some truly awful terms and conditions听that basically granted the company the right to access private meeting information. After some scathing public criticism, Zoom听revised their privacy policy听to align with industry best practices.

"If you鈥檙e worried about the privacy and security issues at Zoom, don鈥檛 use the service. Personally, I鈥檝e found Zoom to be a crucial part of my ability to teach and work from home. I鈥檓 comfortable that they鈥檙e focusing on correcting security issues quickly and have built a platform that is scalable, reliable, and secure.鈥�

听

Contact: Mike Chapple, mchapple@nd.edu