The Problem with Zoom Meetings for the Enterprise

David Moore

David Moore

April 9, 2020

In the rush to quickly enable a remote workforce in the face of covid-19, many organizations turned to Zoom Meetings because it was quick to sign-up, free for meetings under 40 min, and relatively easy to use. 

As people quickly found out, there are major security and reliability concerns that organizations need to consider before deciding to use a solution like Zoom Meetings. In fact, many School Districts, including New York City’s, along with large organizations like Space X have banned Zoom because of online security issues

Struggling with Zoom Meetings? Contact us to discuss enabling Google Meet, the secure & reliable alternative to Zoom.

The security and reliability concerns with Zoom

Zoom already offered free video conferencing for meetings under 40 min long prior to the rush to adapt to shelter in place requirements due to covid-19. Zoom’s rapid response to the crisis was to offer some premium features for free to everyone and also offer free premium service to educators & students. 

People saw Zoom as an easy and cheap option to quickly enable video chats for work, school, and socializing. As a result, usage quickly spiked from 10 million daily meetings to over 200 million daily meetings. The rapid rise in usage not only put a strain on Zoom’s infrastructure, it also attracted the attention of hackers and the scrutiny of IT security professionals. 

While Zoom has been quick to respond to the problems below, it is a reactive approach so customers will not know that their data and users have been exposed until it has already happened.

Here is a quick run-down of Zoom’s recent security failures.

iOS Data being sent to Facebook

Upon downloading the Zoom app, Motherboard discovered the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account. The big problem with this is that Zoom’s privacy policy isn’t explicit about the data transfer to Facebook so users have no way of knowing what data they are agreeing to share when they download the app. Zoom quickly updated the app to prevent it from collecting “unnecessary data” once the story broke.

Zoom flaws allow the takeover of Macs, including webcam, mic, and root access

After it was discovered that the Zoom app was sending unnecessary iOS data to Facebook, an Ex-NASA hacker discovered Macs are vulnerable to webcam and mic takeover again, in addition to taking gaining root access to a Mac. It has to be a local attack but the bug makes it relatively easy for an attacker to gain total control in macOS through Zoom. You can learn more about the technical details of this Zoom security flaw in this article by TechCrunch.

Zoom has issued an apology and patched the 2 bugs that were discovered but, once again, users were unknowingly at significant risk until a hacker published the bugs.

‘War Dialing’ tool exposes Zoom’s password problems 

All Zoom conference calls are assigned a Meeting ID that consists of 9 to 11 digits and hackers quickly figured out they can simply guess these ID’s to join meetings. This process has been automated with programs like zWarDial allowing hackers to find, on average, 110 meetings per hour, and has a success rate of around 14 percent. The lack of password protection and War Dialing tools leading to a rise in “Zoom Bombing” or “hijacking” of online classrooms and teleconferences making it impossible to continue the meeting.

Zoom is responding by turning on password protections for meetings and adding other security features to their product roadmap but these features will take time to develop and implement.

Record growth strains infrastructure

Zoom has been very candid about the strain caused when the usage ballooned overnight as a result of the rush to work remotely. The Zoom platform was not built to handle the current level of usage. Eric Yuan, Founder & Chief Executive Officer of Zoom, has admitted that despite “working around the clock” to support the influx of new users, the service has not met expectations.

Zoom users now frequently experience call audio lagging, unusable video features, and meetings that are difficult to make productive. As a result, sales teams cannot conduct high-quality demos, customer service reps are frustrating customers, and internal teams struggle to collaborate.

Enterprise Ready Alternative to Zoom: Google Meet

The overall challenge with Zoom is that it is being sold as an enterprise application but it is not built and does not operate like one. The good news is, Google Meet provides your organization with a cost-effective and secure alternative to Zoom Meetings.

Google Meet premium features now free to G Suite customers

As discussed in our blog post on Google’s response to Covid-19, all G Suite customers now have access to Hangouts Meet premium features so that they can more effectively work from home. These features are typically only available in the Enterprise and Enterprise for Education editions of G Suite, but they are now available to all G Suite editions at no additional cost until July 1, 2020. 

Contact us to learn how to enable these free features for your users.

Google Meet keeps your video conferences protected

Google Meet’s security controls are turned on by default so that in most cases, organizations and users won’t have to do a thing to ensure the right protections are in place. Here are the high-level ways Google is protecting Meet users:

  • Proactive protections to combat abuse and block hijacking attempts
  • Secure deployment and access controls for admins and end-users
  • Secure, compliant, and reliable meeting infrastructure 

This Google article gives additional details on the key capabilities of Google Meet that help protect you and your users.

David Moore

David Moore

April 9, 2020

Subscribe to Blog

Share This