Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?
Zoom's popularity led to highly publicized cyber attacks, but other tech companies are equally vulnerable.
Zoom’s popularity skyrocketed 20-fold in the last month, and along with it came a pile-on of criticism. Now the company is facing a lawsuit and is barred by some public and private entities. But does Zoom alone warrant this backlash? Would the hysteria be where it is today if Zoom didn’t jump from 10 million users in December to more than 200 million in March? In our mass migration to work from home and growing reliance on virtual meeting platforms, we cannot overlook the ongoing security vulnerabilities facing all such tools.
The simple truth is vulnerabilities and flaws exist in every digital product and tool, videoconferencing included, and no software is impenetrable to hackers. To think differently would be foolish. Cyber security is very much a game of cat and mouse, with bad actors continuously looking for new ways to breach security and security teams constantly on the defense. No digital offering can ever be 100 percent secure.
So yes, Zoom’s platform has vulnerabilities and some privacy issues. But these issues are not exclusive to this platform. To date, Zoom’s hacks are either hoaxes or easily solved with simple setting changes. The widely reported “zoom-bombing” was made possible because of human flaws, not technical ones. There’s certainly a case to be made for Zoom’s security practices and an active approach to weeding out such issues, but it is equally plausible that hackers could find ways to penetrate meetings held on any other virtual meeting or video conferencing platform, Microsoft and Cisco included, perhaps with even greater success.
With pending litigation and mounting public scrutiny, Zoom’s issues benefit its competitors, but it wouldn't be prudent to overlook the vulnerabilities within these competitors’ platforms. They are not immune to the same problems.
Both Cisco and Microsoft have faced their own security issues in the past. Just last year, Microsoft uncovered a vulnerability in Teams that could be a vehicle for malware. The flaw disguised the malicious files as a program update, and any user that accepted that update prompt fell prey. One user recounted how they hacked WebEx a mere six months ago. There were also accounts of unauthorized users joining WebEx meetings, similar to the accounts we’ve seen about Zoom. These particular breaches, which flew under the radar, might have since been patched, but that does not mean that these services are now infallible. The ability to hack both of these platforms exists today, just in new forms.
Zoom’s competitors have boasted of features designed to secure their respective platforms. From encryption to privacy, consumers are meant to feel secure with a laundry list of protective measures. And sure, they may be more secure. But they are certainly not wholly secure.
It is no coincidence that Zoom’s security issues came to light during its boom in popularity, but the disproportionate hype and subsequent media attention far outweighed the severity of the issues. Hackers tend to gravitate towards actions that have widespread consequences. So inevitably, as Zoom’s user base grew, so too did the attention from blackhat, whitehat and greyhat hackers. Breaching Zoom now means potentially impacting 200 million people as opposed to the 10 million users the platform notched earlier this year. Increased users lead to increased hacking activity, which will inevitably lead to the discovery of additional software flaws and vulnerabilities. Should hackers turn their attention towards Skype or WebEx, additional flaws will be uncovered there too.
Security issues are not erased by migrating from Zoom to WebEx; the move simply dresses the problem in a new “outfit.” If WebEx and Skype fail to actively combat the security flaws facing Zoom, they will likely fall victim to these hacks as well once they become more popular options with those working from home. Hopefully the security community will pile on behind a company doing the right things as much as or more than it piles on around the issues.
For its part, Zoom has taken action to make its platform more secure, introducing enhancements to help meeting hosts manage secure meetings. Zoom should be lauded for the rate of improvement, rapid turnaround on discovered vulnerabilities and demonstration of its agility and focus on security hardening. In the cyber world of cat-and-mouse, this is what companies should look for in partners: transparency, honesty, focus on security and rate of improvement. Zoom has also announced a 90-day push to launch additional security and privacy steps at the same time it has scaled up to 20 times its normal capacity. This isn’t trivial and is a lot like changing the tires while still driving. As hackers become more creative about which platforms to hack and how, all online communication platforms must remain on high alert, maintain the agility to deal with cybersecurity issues as they arise and offer the public full transparency as they move to patch security loopholes.