Word that there's a security flaw in Zoom is up in the air, and so is the deep seated concern for those who use it. How serious is the threat? How can it be avoided? What are the best alternatives? Today, we'll dive deep into this issue and answer all those questions.
The Vulnerability
This vulnerability in their system allows anyone website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission and taking a peek at whatever they want, no matter how important or confidential the information. The video conferencing administration of Zoom left a huge number of clients with a gaping hole in their security, that could permit assailants direct access to its clients’ PC cameras and mics.
The predicament enables attackers to start a video on a a Mac without client’s knowledge or consent, and Windows clients who have opened custom URLs from Zoom on Chrome programs are also vulnerable. On July 15, another security specialist, Karan Lyons, distributed a report demonstrating that RingCentral, which licenses Zoom's innovation and is utilized by more than 350,000 organizations, just as Zhou — basically the Chinese rendition of Zoom — are influenced by a similar predicament.
Can The Secret Web Server Do More?
The scary thing is that this flaw seemed to indicate that this web server can do far more than just launch a Zoom meeting. It won’t leave the host, and can get reinstalled by self-breaching the security and making sure to even actually get into you systems and access whatever it wants or extract any sensitive data. It turns out that this web server can also re-install the Zoom app if a user has uninstalled it.
How Did This Come To Light?
The one who pointed Zoom’s vulnerability initially was Jonathan Lei Schuh, who was able to point out the problem and the ways to probably prevent it. He did contact Zoom to let them know how the app could be fixed.
How They Rectified it
Zoom did end up patching up this vulnerability, but all they did was prevent the attacker from turning on the user’s video camera.They did not disable the ability for an attacker to forcibly join if the user visits a malicious site.
The fix proposed by the Zoom group was to carefully 'sign' the solicitation made to the customer. It was portrayed to the Zoom group how both of these arrangements were insufficient to completely secure their clients. As long as the assailant's server was behind the equivalent NAT switch as the person in question, the assault would, in any case, not be stopped.
The Company's Response
This is what they had to say in one of the press conferences:
“Initially, we did not see the web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process,” the company's representative said on their official blog, “But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service.”
This patch-up removes the local web server entirely, once the Zoom has been updated. Also, the platform now allows users to manually uninstall Zoom.
End Results
Zoom has not fixed this powerlessness in the dispensed 90-day window that was given to them. The 4+ million clients of Zoom on Mac are still presently powerless against an intrusion of their security. Moreover, because of an absence of adequate auto-update software, numerous clients keep on running obsolete, flawed versions of Zoom.
Still Want To Use Zoom?
If you want to fix this vulnerability for yourself and take all the necessary precautions, you can do the following.
Alternatives
Zoom offers a lot of features and tools that has people using it. On top of that, as it is free of cost, and there is no charge for any services or tools, but at the end of the day, security matters. Here are some great alternatives for Zoom:
Jitsi.org
Jitsi is sweet, simple and works perfectly. It has the capacity for open-source video conferencing. It’s totally free and WebRTC compatible, which means it’s pretty much integrates with anything you're using. It can support up to 200 users at a time. The video and audio quality and transfer are excellent, and don’t get mixed up first before reaching each participant. They’ve worked a lot on quality, and are actually a community of developers that have worked on several projects for enhancing the video/audio quality for online conferences. They also offer products, like dial-in, recording or simulcasting.
The cons? Perhaps is only and simply just a video conferencing tool, even if it’s an excellent one. If you’re looking for plenty of features with excellent quality, the next one’s the thing!
Cisco Webex
Cisco Webex is something I would personally recommend. It’s got pretty much every tool you could dream of when it comes to video conferencing, and they all work seamlessly. It can support up to 100,000 users at a time. Joining is easy. Screen-share is a breeze, and people can join via mobile phones, telephones or the web. The video switching is voice-activated (so you actually know who’s talking without them having to switch screen or anything) Users also have access to active support via live chat and remote access to tackle any troubleshooting issues. Cisco Webex is also an excellent tool for online trainings and webinars, with host breakout sessions and automated grading for over a thousand participants, along with the automated transcription feature, in case you need to go back to “notes”. It’s also got the whiteboard feature with all the tools for demonstration and of course, video recording, along with a lot of products that can make conferences even more seamless. The meetings are password-protected meetings, with unique conference URLs.
The drawbacks? If you want to play a video on your screen, there might be a bit of latency, but it’s no biggie. But unlike Jitsi, it’s not free.
Skype
Skype has been around for ages, and had settled its roots in the industry a long time ago. It’s most well known for its affordability, and how it offers all the core video conferencing tools like screen-share, integration with Microsoft Office and chatting. It’s easy to use and efficient. The basic plan costs $5 per user per month, and the premium one’s for $12.50 per user per month. For those who have been using and choose to use it, it's a reliable comfort zone.
Although it generally works fine, connectivity issues aren’t unheard of, and some Middle Eastern countries have blocked any VoIP service, which makes the international usage of Skype a little complicated, as it would require proxies and VPNs, slowing down the internet speed. I asked an expert from Computan team, Haseeb Ilyas about Skype, and he went into a "rant" about it, since after ditching its usage for business purposes, even using Skype while gaming "ruined his fun", and he had to opt for other apps like Discord instead.This is what I surmised from my conversation with him, if I mention the main points:
- After Microsoft took ownership of and optimized Skype, there’s been a lot of mismanagement
- Low bandwidth because of an overloaded infrastructure, making a call-flow very frustrating
- If you’re logged into your computer and phone and a call comes in, you can’t pick up the call from your phone, because the devices get “confused”
- Generally, a lot of technical glitches
Adobe Connect
I’ll get this out of the way first- Adobe Connect the most expensive of all.
But hold your horses before you jump to conclusions- it’s got the most unique features, and has a solid reputation for deeming security to be of the highest priority, and never letting people down on that account. It goes “beyond screen-share” and lets people remotely collaborate, increasing engagement, use the virtual whiteboard or even share files while collaborating. Another key feature that others don’t offer is customized meeting layouts, using the refreshing and creative templates, and there’s no time cap on the length of the meetings (sharing, discussion and collaboration being the three default options). Once recorded, they can also be edited, and certain information could be stored/distributed only to specific people. For those worried that they’ll have to install Adobe Flash Player have some good news coming along the way for them- it’s going obsolete in 2020, and isn’t as intrinsic to all-things-Adobe anymore.
Now, for the cons- it might be too pricey for small businesses, and a little inefficient for bigger ones ONLY because the one drawback is that it doesn’t accommodate as many participants as other video conferencing tools offer. It’s the quality vs quantity dilemma for this one. Depending on your pricing plan, you could have a maximum of 25 to 100 attendees.
GoToMeeting
So just like Skype, GoToMeeting offers all the core features at a very affordable pricing:
When I asked Haseeb Ilyas about the best video conference option according to him, he recommended GoToMeeting. It’s convenient, reliable and actually delivers what it offers to deliver, with all the tools you’d really need for a meeting. It’s not a social network like Slack, or a messaging service like Skype, where you can continue with a chat even after the meeting. It’s not specialized for teaching, where participants can use a “raise hand” feature, but it’s still highly efficient. For the reasons mentioned, it’s got an average rate of 80 million meetings per year and it's increasing. It’s also got some really useful tools like accessing transcripts of meetings and integration with CRM, email and messaging apps. You could also access cloud storage options, some pretty useful collaboration tools and drawing/screen-share tools for collaboration. As far as pricing goes, it's very reasonable:
There Are Plenty Of Fish In The Sea
Although a beloved software with so many features that was free has been a major disappointment, this should be an opportunity to look around and take advantage of better options. For now, you could zoom out of this predicament and use any of the options mentioned. If you think there are better options than the ones shortlisted here, feel free to comment!
